Nuclear Regulation NEA/CSNI/R(2014)9 July 2014 www.oecd-nea.org
Probabilistic Safety Assessment (PSA) of Natural External Hazards Including Earthquakes
Workshop Proceedings Prague, Czech Republic 17-20 June 2013
Unclassified NEA/CSNI/R(2014)9
Organisation de Coopération et de Développement Économiques Organisation for Economic Co-operation and Development 02-Jul-2014 ______English text only NUCLEAR ENERGY AGENCY COMMITTEE ON THE SAFETY OF NUCLEAR INSTALLATIONS Unclassified NEA/CSNI/R(2014)9
PSA OF NATURAL EXTERNAL HAZARDS INCLUDING EARTHQUAKE Workshop proceedings
Prague, Czech Republic
June 17-20, 2013
This document only exists in PDF format
JT03360085
only text English Complete document available on OLIS in its original format This document and any map included herein are without prejudice to the status of or sovereignty over any territory, to the delimitation of international frontiers and boundaries and to the name of any territory, city or area.
NEA/CSNI/R(2014)9
ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT
The OECD is a unique forum where the governments of 34 democracies work together to address the economic, social and environmental challenges of globalisation. The OECD is also at the forefront of efforts to understand and to help governments respond to new developments and concerns, such as corporate governance, the information economy and the challenges of an ageing population. The Organisation provides a setting where governments can compare policy experiences, seek answers to common problems, identify good practice and work to co-ordinate domestic and international policies. The OECD member countries are: Australia, Austria, Belgium, Canada, Chile, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Israel, Italy, Japan, Luxembourg, Mexico, the Netherlands, New Zealand, Norway, Poland, Portugal, the Republic of Korea, the Slovak Republic, Slovenia, Spain, Sweden, Switzerland, Turkey, the United Kingdom and the United States. The European Commission takes part in the work of the OECD. OECD Publishing disseminates widely the results of the Organisation’s statistics gathering and research on economic, social and environmental issues, as well as the conventions, guidelines and standards agreed by its members.
This work is published on the responsibility of the OECD Secretary-General. The opinions expressed and arguments employed herein do not necessarily reflect the official views of the Organisation or of the governments of its member countries.
NUCLEAR ENERGY AGENCY
The OECD Nuclear Energy Agency (NEA) was established on 1 February 1958. Current NEA membership consists of 31 countries: Australia, Austria, Belgium, Canada, the Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Japan, Luxembourg, Mexico, the Netherlands, Norway, Poland, Portugal, the Republic of Korea, the Russian Federation, the Slovak Republic, Slovenia, Spain, Sweden, Switzerland, Turkey, the United Kingdom and the United States. The European Commission also takes part in the work of the Agency. The mission of the NEA is: – to assist its member countries in maintaining and further developing, through international co-operation, the scientific, technological and legal bases required for a safe, environmentally friendly and economical use of nuclear energy for peaceful purposes, as well as – to provide authoritative assessments and to forge common understandings on key issues, as input to government decisions on nuclear energy policy and to broader OECD policy analyses in areas such as energy and sustainable development. Specific areas of competence of the NEA include the safety and regulation of nuclear activities, radioactive waste management, radiological protection, nuclear science, economic and technical analyses of the nuclear fuel cycle, nuclear law and liability, and public information. The NEA Data Bank provides nuclear data and computer program services for participating countries. In these and related tasks, the NEA works in close collaboration with the International Atomic Energy Agency in Vienna, with which it has a Co-operation Agreement, as well as with other international organisations in the nuclear field.
This document and any map included herein are without prejudice to the status of or sovereignty over any territory, to the delimitation of international frontiers and boundaries and to the name of any territory, city or area. Corrigenda to OECD publications may be found online at: www.oecd.org/publishing/corrigenda. © OECD 2013 You can copy, download or print OECD content for your own use, and you can include excerpts from OECD publications, databases and multimedia products in your own documents, presentations, blogs, websites and teaching materials, provided that suitable acknowledgment of the OECD as source and copyright owner is given. All requests for public or commercial use and translation rights should be submitted to [email protected]. Requests for permission to photocopy portions of this material for public or commercial use shall be addressed directly to the Copyright Clearance Center (CCC) at [email protected] or the Centre français d'exploitation du droit de copie (CFC) [email protected].
2 NEA/CSNI/R(2014)9
COMMITTEE ON THE SAFETY OF NUCLEAR INSTALLATIONS
Within the OECD framework, the NEA Committee on the Safety of Nuclear Installations (CSNI) is an international committee made of senior scientists and engineers, with broad responsibilities for safety technology and research programmes, as well as representatives from regulatory authorities. It was set up in 1973 to develop and co-ordinate the activities of the NEA concerning the technical aspects of the design, construction and operation of nuclear installations insofar as they affect the safety of such installations.
The committee’s purpose is to foster international co-operation in nuclear safety amongst the NEA member countries. The CSNI’s main tasks are to exchange technical information and to promote collaboration between research, development, engineering and regulatory organisations; to review operating experience and the state of knowledge on selected topics of nuclear safety technology and safety assessment; to initiate and conduct programmes to overcome discrepancies, develop improvements and research consensus on technical issues; and to promote the co-ordination of work that serves to maintain competence in nuclear safety matters, including the establishment of joint undertakings.
The clear priority of the committee is on the safety of nuclear installations and the design and construction of new reactors and installations. For advanced reactor designs the committee provides a forum for improving safety related knowledge and a vehicle for joint research.
In implementing its programme, the CSNI establishes co-operate mechanisms with the NEA’s Committee on Nuclear Regulatory Activities (CNRA) which is responsible for the programme of the Agency concerning the regulation, licensing and inspection of nuclear installations with regard to safety. It also co- operates with the other NEA’s Standing Committees as well as with key international organisations (e.g., the IAEA) on matters of common interest.
3 NEA/CSNI/R(2014)9
4 NEA/CSNI/R(2014)9
OECD/NEA COMMITTEE ON THE SAFETY OF NUCLEAR INSTALLATIONS (CSNI)
PSA OF NATURAL EXTERNAL HAZARDS INCLUDING EARTHQUAKE Workshop proceedings
Prague, Czech Republic June 17-20, 2013
5 NEA/CSNI/R(2014)9
6 NEA/CSNI/R(2014)9
Table of Contents
EXECUTIVE SUMMARY………………………………………………………………………………... 9 1. INTRODUCTION………………………………………………………………………………………. 12 1.1 Background………………………………………………………………………………………….. 12 1.2 Objectives of the Workshop………………………………………………………………………… 12 1.3 Organization of the Workshop………………………………………………………………………. 13 1.4 Topics of the Workshop……………………………………………………………………………... 13 2. RECENT WGRISK ACTIVITIES PRECEDING ORGANIZATION OF THE WORKSHOP………. 16 2.1 WGRISK workshop on seismic hazards PSA………………………………………………………. 16 2.2 WGRISK survey project on non-seismic external events…………………………………………... 17 2.3 WGRISK broad survey project on PSA use and development……………………………………... 18 2.4 WGRISK most recent activities related to the area of external events PSA……………………….. 19 3. SUMMARY OF THE WORKSHOP ON PSA OF NATURAL EXTERNAL HAZARDS…………... 22 3.1 Opening Session…………………………………………………………………………………….. 22 3.2 Session 1 – Analysis of natural external hazards potential…………………………………………. 24 3.3 Session 2 –Specific features of analysis and modeling of particular external hazards…………….. 26 3.4 Session 3 – Practices and research efforts on natural external events PSA………………………... 27 3.5 Session 4 – Modeling of NPP response to natural external events in PSA………………………… 28 3.6 Session 5 – Seismic risk analysis…………………………………………………………………… 29 3.7 Session 6 – Use of external events PSA with the focus on regulatory body role………………….. 31 3.8 Facilitated discussions……………………………………………………………………………… 33 4. CONCLUSIONS AND RECOMMENDATIONS MADE IN THE WORKSHOP…………………… 40 4.1 Status of EE-PSA including recent developments………………………………………………….. 40 4.2 Challenges in external analysis methods and organization…………………………………………. 42 4.3 General conclusions regarding future role of WGRISK……………………………………………. 43 5. REFERENCES………………………………………………………………………………………….. 45
APPENDICES 1. LIST OF PARTICIPANTS 2. WORKSHOP AGENDA 3. PAPERS/PRESENTATIONS
7 NEA/CSNI/R(2014)9
8 NEA/CSNI/R(2014)9
EXECUTIVE SUMMARY
The Fukushima Dai-ichi accident triggered discussions about the significance of external hazards and their treatment in safety analyses. In addition, stress tests results have shown vulnerabilities and potential of cliff-edge effects in plant responses to external hazards and have identified possibilities and priorities for improvements and safety measures' implementation at specific sites and designs.
In order to address these issues and provide relevant conclusions and recommendations to CSNI and CNRA, the CSNI Working Group on Risk Assessment (WGRISK) directed, in cooperation with the CSNI Working Group on Integrity and Ageing of Components and Structures (WGIAGE), a workshop entitled “International Workshop on PSA1 of Natural External Hazards Including Earthquakes”, hosted by UJV Rez, on June 17-19, 2013, in Prague, Czech Republic.
The key objectives of the workshop were to collect information from the OECD member states on methods and approaches being used, and experience gained in probabilistic safety assessment of natural external hazards, as well as to support the fulfillment of the CSNI task on “PSA of natural external hazards including earthquakes.” These objectives are described more in detail in the introduction in Chapter 1 of this report.
The workshop was built upon previous relevant WGRISK and WGIAGE activities, including a Specialists Meeting on Seismic Probabilistic Safety Assessment (SPSA) of Nuclear Facilities (2006, Jeju Island, Korea), Workshop on Recent Findings and Developments in Probabilistic Seismic Hazards Analysis (PSHA) Methodologies and Applications (2008, Lyon, France), a report on Probabilistic Safety Analysis (PSA) of Other External Events Than Earthquake (2009) and other activities and publications. The WGRISK activities preceding the workshop and leading to the decision to organize it are described in Chapter 2 of this report.
The focus of the workshop was on external events PSA for nuclear power plants, including all modes of operation. The workshop scope was generally limited to external, natural hazards, including those hazards where the distinction between natural and man-made hazards is not sharp (e.g., external floods caused by dam failures). The participation was open to experts from regulatory authorities and their technical support organizations, research organizations, utilities, nuclear power plant (NPP) designers and vendors, industry associations and observers from OECD NEA member countries. The detailed information about the presentations, discussions, and results of the workshop is presented in Chapter 3 of this report.
Some general conclusions were agreed on during the workshop, which are presented in the following paragraphs.
The lessons learned from the Fukushima Dai-ichi reactor accidents and related actions at the national, regional, and global level have emphasized the importance to assess risks associated
1 In this report, the terms Probabilistic Safety Analysis (PSA) and Probabilistic Risk Analysis (PRA) are used interchangeably.
9 NEA/CSNI/R(2014)9
with external hazards, including combinations of those hazards, and their impacts. It is important that such an analysis covers not only individual plant units, but also the site as a whole, including all dependent effects and impacts.
While systematic approaches for addressing external hazards in PSA currently exist and there is a well-developed state-of-practice (e.g., with respect to external flooding, seismic, high winds), additional work is needed; for example, the use of conservative approaches to address uncertainties might be practical, but more realistic evaluations provide better view on the real problems.
Some methods and guides are available for seismic hazard determination, identification of external hazards, screening2 of external events for detailed consequence analysis, including several lists of screening criteria. However, additional development is also needed in area of consensus standards and guides; for example IAEA continues developing the methodological support for external hazards analysis.
The major areas of concern in external hazards studies are:
1. Scope of the PSA for external events in terms of plant operation regimes (e.g., full power, low power and shutdown operational states),
2. Combinations of external hazards impacts,
3. Multi-unit impacts, and
4. Screening procedure for site specific hazards.
The following are significance technical/methodological challenges for external hazard PSA:
1) Fragility analysis of non-seismic external hazards,
2) Correlation effects and consequent damage scenarios,
3) Human Reliability Analysis (HRA) for external events PSA,
4) PSA mission times for long-term external event scenarios, and
5) Significance and magnitude of the effects of climate changes on the hazard frequencies and magnitudes.
The following aspects are considered to be important good practice attributes for external hazard modeling in PRA:
1) Critically challenging assumptions,
2) Calibrating models,
2 In this context, the term screening refers to a systematic process that distinguishes items that should be included or excluded from an analysis based on defined criteria.
10 NEA/CSNI/R(2014)9
3) Accounting for underlying physical processes,
4) Fully treating dependencies,
5) Involving multidisciplinary teams, and
6) Promptly and broadly disseminating information.
Recognizing the impetus for action provided by actual operational events (including the Fort Calhoun flooding3 as well as the Fukushima Dai-ichi reactor accidents), it has been noted that WGRISK can provide stronger (and better-focused) cases for action by increasing its use of operating experience feedback. Among other things, this could imply strengthening ties with associated international working groups, particularly the NEA/Committee of Nuclear Regulatory Authorities (CNRA) Working Group on Operating Experience (WGOE).
An additional action for WGRISK suggested by our review concerns the tracking of past recommendations. It appears that increased efforts by the WGRISK leadership to systematically track and dispose report recommendations would help ensure that each task performed by the group more strongly supports the group’s overall objectives, and would help WGRISK improve its strategic planning processes.
Detailed information about the conclusions made during the workshop is presented in Chapter 4 of this report.
3 See U.S. Nuclear Regulatory Commission Event Notification Number 46929, dated June 6, 2011 for additional information (http://www.nrc.gov/reading-rm/doc-collections/event-status/event/2011/20110606en.html#en46929 )
11 NEA/CSNI/R(2014)9
1. Introduction
1.1 Background
External hazards (both natural and man-made ones) have been addressed in many past PSAs. Nevertheless, the Fukushima Dai-ichi reactor accidents have raised many questions, including the probabilistic treatment also of combined causal or consequential hazards, the treatment of plant response (including the possibility of multi-unit effects, of extended duration scenarios, and of post-core damage complications affecting accident management), and the identification and assessment of effective mitigation strategies and accident management measures. Moreover, there are large variations across member countries regarding requirements and practices.
In order to address these issues and provide relevant conclusions and recommendations to CSNI and CNRA, the CSNI Working Group on Risk Assessment (WGRISK) directed, in cooperation with the CSNI Working Group on Integrity and Ageing of Components and Structures (WGIAGE), a workshop entitled “International Workshop on PSA of Natural External Hazards including Earthquakes”, hosted by UJV Rez, on 17-19 June 2013, in Prague, Czech Republic.
The workshop focusing on natural external hazards facilitated the discussion of these issues and the identification/promotion of good practices. In doing so, it supported the treatment of specific concerns raised in:
A recent CNRA Senior Task Group on the impact of the Fukushima Dai-ichi reactor accidents regarding risk assessment of external initiating events, technical approaches for assessing external hazards other than earthquake, such as tsunami, tornados, floods, etc., and
NEA documents in terms of initiating event assessment, identification of cliff-edge effects, assessment of accident management approaches, etc.
The workshop was built upon previous, relevant WGRISK and WGIAGE activities, including a Specialists Meeting on Seismic Probabilistic Safety Assessment (SPSA) of Nuclear Facilities (2006, Jeju Island, Korea), Workshop on Recent Findings and Developments in Probabilistic Seismic Hazards Analysis (PSHA) Methodologies and Applications (2008, Lyon, France), and a report on Probabilistic Safety Analysis (PSA) of Other External Events Than Earthquake (2009) [1], [2], [3]. The workshop was also coordinated with relevant international workshops and conferences, notably the Probabilistic Safety Assessment and Management (PSAM) Topical Conference held on April 15-17, 2013 in Tokyo, with a focus on the Fukushima event, as well as with relevant IAEA activities (e.g., the recent initiative to expand the current TECDOC on PSA quality to include internal and external hazards). It was expected that the workshop output would be also useful to the CNRA Working Group on Regulation of New Reactors as it develops a report on siting for new reactors. The results of the workshop are also likely to be useful to the recently established CSNI Task Group on Natural External Events (TGNEV).
1.2 Objectives of the Workshop
As stated in the CSNI Activity Proposal Sheet (CAPS) WGRISK (2012)-1, “Workshop on PSA of Natural External Hazards Including Earthquakes”,” the key objectives of the workshop were to collect information from the OECD member states on methods and approaches being used and experience gained in probabilistic safety assessment (PSA) of natural external hazards.
12 NEA/CSNI/R(2014)9
The main objectives of the CSNI task have been defined as follows:
to share methods, good practices and experiences among member states on PSA analysis for natural external hazards,
to support assessment of current state of probabilistic analyses of natural external hazards,
to support re-evaluation of PSAs for natural external hazards, in particular as a tool to address the lessons to be learned from the Fukushima Dai-ichi reactor accidents,
to evaluate use of PSA in identification/justification of appropriate mitigation and accident management measures in the frame of post stress test implementation programmes,
to identify new potential topics for further WGRISK and WGIAGE activities in this area.
The information obtained as a result of the workshop should give better understanding and interpretations of subjects, topics and issues connected with external hazards analysis. This report comprising comments on good practices and experiences in member states, including lessons learned from the experience of the Fukushima Dai-ichi reactor accidents, was prepared based on information presented and discussed during the workshop.
1.3 Organization of the Workshop
The focus of the workshop was on external events PSA for nuclear power plants (NPP), including all modes of operation. The workshop scope was generally limited to external, natural hazards, including those ones, where the distinction between natural and man-made hazards is not sharp (e.g., external floods caused by dam failures); see also the List of External Hazards in ANSI/ANS-58.21-2003 [4]. Fires (including external fires) were not included in workshop scope, because Fire PSA was the subject of a separate planned WGRISK workshop1.
The main part of the workshop (June 17-19, 2013) included an opening session, technical sessions devoted to technical presentations made by the participants on the topics outlined below, facilitated discussion sessions, and a concluding session. All of the workshop participants were welcomed to take part in the discussions and to formulate conclusions and recommendations. On Thursday June 20, 2014, a specific writing session restricted to the session chairs/co-chairs was organized with the goal to prepare an initial draft of this report, which would summarize the important ideas declared during the workshop and would provide a list of conclusions and recommendations for identifying possible further actions of WGRISK and WGIAGE.
1.4 Topics of the Workshop
The workshop scope included the following topics:
Analysis of natural external hazards potential
o Process of identification, screening and grouping of external events,
1 Under CAPS WGRISK (2012)-2, “Workshop on FIRE PRA in Member Countries,” a workshop is to be held in April 2014 in Garching, Germany on the state-of-the-art methods for quantitative fire risk assessment of NPPs and associated applications
13 NEA/CSNI/R(2014)9
o Estimation of potential for external event occurrence, including specific features of estimating the frequency of low probability events related to meteorological hazards of very high intensity (extrapolations from available data),
o Potential of consequential events/hazards,
o Potential of the occurrence of events caused by combined external hazards or by combinations of external and internal hazards,
o Treatment of uncertainties in hazard assessment,
o Data on natural hazards;
Analysis and modeling of NPP response to natural external events – general common features
o Analysis and modeling of plant response to external hazards (including fragilities of systems, structures, and components (SSC)),
o Treatment of multiunit effects of external hazards (including effects on onsite spent fuel and waste storage facilities),
o Analysis of local and broad effects of external hazards, including long-term loss of the electrical grid and the final heat sink,
o Addressing specific features of plant operation regimes in analysis and modeling (including low power and shut down operations),
o Evaluation of the effectiveness of measures to be taken in anticipation of gradually developing external hazards,
o Human factors in plant response to external events (including effects of multiple units and events combinations),
o Approaches to extended duration scenarios involving external events, (including events involving a stabilized but damaged plant),
o Modeling of plant response to the events caused by combined external hazards,
o Level 2 PSA aspects of external hazards risk analysis including evaluation of accident management measures in case of external events,
o Treatment of uncertainties and sensitivity analysis in PSA for external hazards,
Specific features of analysis and modeling of particular natural external hazards
o Specific features of seismic risk analysis (floor spectra, spatial interactions, associated hazards as seismically induced internal/external floods, fires, etc.),
o Specific features of flooding risk analysis (floods caused by dam failures, analysis of combined flooding loads - e.g., storm surge plus precipitation induced flooding, etc.),
14 NEA/CSNI/R(2014)9
o Modeling and quantification of risk related to specific meteorological external hazards (extreme winds/tornadoes and wind-driven missiles, extremely high/low temperature, extreme precipitation/snow, low water level, draught, lighting, sand storm, etc.),
o Modeling and quantification of risk related to other external hazards (electromagnetic inference, biological events, etc.),
Use of external events PSA in risk-informed decision making
o Applications of external events PSA methods and models in regulatory oversight,
o Use of external events PSA in risk-informed safety management by the licensees and other non-regulatory applications of external events PSA,
o Treatment of external events PSA uncertainties in risk-informed decision making,
Fukushima Dai-ichi reactor accidents – lessons learned and measures (to be) taken
o Re-assessment of external hazards risk in view of Fukushima accident,
o How external events PSA is being used in the implementation process of appropriate safety measures following the Stress Tests or other NPP re-assessments,
o New standards development (an example - Tsunami PRA Standard development by the Atomic Energy Society of Japan).
The participation was open to experts from regulatory authorities and their technical support organizations, research organizations, utilities, NPP designers and vendors, industry associations and observers.
15 NEA/CSNI/R(2014)9
2. Recent WGRISK Activities Preceding Organization of the Workshop
Prior to the Fukushima Dai-ichi reactor accidents in March 2011, WGRISK had sponsored or co-sponsored a number of PSA related activities. These activities also included several projects and workshops, which were completely or partially devoted to external events risk:
A 2006 workshop on seismic hazards and PSA (co-sponsored with the CSNI Working Group on Integrity of Components and Structures – WGIAGE) [1],
a 2008 survey project addressing the treatment of non-seismic external events in PSA [3],
a periodic survey of member country uses of PSA (last updated in 2012 based on information collected in 2010) [5].
During its 2006 Annual Meeting, WGRISK held an organized technical discussion on the PSA treatment of non-seismic external events. This discussion resulted from the need to review external hazards PSAs for both existing and new reactors. Other motivating factors were the potential implications of recent natural catastrophes, not only for nuclear energy, but across technologies and ongoing discussions concerning climate change. As a result of this technical discussion, WGRISK, with CSNI approval, initiated several projects during the next years, in which the issue of external hazards/events risk played a major or at least significant role.
The description of the most important WGRISK activities in the following paragraphs is based on the information presented in the paper [6].
2.1 WGRISK Workshop on Seismic Hazards PSA
On November 6-8, 2006, WGRISK and WGIAGE held a jointly organized specialist meeting on Seismic PSA for nuclear facilities. The meeting, which was held in Jeju, Korea, was co-sponsored by the OECD/NEA, the IAEA, the Korean Atomic Energy Research Institute (KAERI), and the Korea Institute of Nuclear Safety (KINS). For WGRISK, this meeting represented the latest in a series of activities on seismic PSA, including the development of a state of the art report in 1998 [7], a workshop held in Tokyo in 1999 [8], and the writing of a technical opinion paper in 2002 [9].
The main objectives of the meeting were to review recent advances in the methodology of seismic PSA, to discuss practical applications, to review the current state of the art, and to identify methodological issues where further research would be beneficial in enhancing the usefulness of the methodology. The meeting also included discussions of the Seismic Margin Assessment (SMA) methodology. The topics covered by the meeting included the regulatory framework for and objectives of seismic PSA (and SMA), lessons learned from such studies, and seismic PSA methodological issues. The meeting also included extended discussions on seismic hazard and fragility analyses.
The participants in the meeting agreed that seismic PSA was in widespread use by plant designers, operators and regulators, that applications were increasing (as compared to the situation in 1999), and that seismic PSA may contribute to understanding of seismic risk, understanding of the significance of design shortfalls, prioritizing improvements, evaluating and improving regulations, and modifying plant design bases.
Methodological weaknesses of current seismic PSA were identified during meeting in Jeju in three important areas:
16 NEA/CSNI/R(2014)9
Probabilistic seismic hazard analysis – PSHA (with emphasis on the analysis of areas with low- to-moderate seismicity),
Human reliability analysis (HRA) in seismic PSA (including both physical effects, e.g., equipment damage, loss of local and site access, consequential fires, multiple unit impacts; and mental effects, e.g., conflicting organizational goals, staff concerns with family impacts, etc.),
Correlations between the fragilities of systems, structures, and components treated in seismic PSA (notably the difficulties in assessing such correlations).
According to the recommendations of the Jeju Workshop, WGIAGE organized a workshop on Recent Findings and Developments in Probabilistic Seismic Hazards Analysis (PSHA) Methodologies and Applications in Lyon, France in 2008 [2]
The key technical issues regarding the treatment of low likelihood/high consequence natural events and of operator actions, illustrated later by the Fukushima Dai-ichi reactor accidents and post-accident investigations, were identified as challenges already in this meeting. Two papers regarding multi-unit seismic PSA [10], [11] provided demonstrations of practical approaches focused on propagating the correlation of seismic hazards and fragilities leading to the conclusion that upcoming analyses would need to extend the presented approaches to address modeling concerns illustrated later by the Fukushima Dai- ichi reactor accidents, including direct interactions between units and human related interactions. The meeting also included a paper on the treatment of seismic aftershocks [12], similarly to the case of the multi-unit analyses representing an advance on a difficult topic.
The meeting did not make significant mention of seismically induced tsunami, but this topic, which was identified as important at a 2005 workshop on external flooding hazards organized by the IAEA (see [13]) remained of interest for the next WGRISK activities. On the other hand, although the meeting papers made little mention of HRA for seismic PSA, important HRA challenges were discussed during the meeting and became a key element for future development.
2.2 WGRISK Survey Project on Non-seismic External Events
The objective of the project, which is described in detail in the final report [3], was to review the methods for risk analysis of off-site external events other than earthquake as well as the results and the insights developed in these analyses in order to present a basis for advances in the area. The project scope was limited to non-seismic external events to avoid overlap with the WGRISK activity on seismic PSA discussed in the previous chapter. It did, however, include seismically generated tsunamis. As typical for WGRISK activities, the work involved the development and issuance of a questionnaire for WGRISK members and a number of meetings of principal task participants.
The questionnaire included 17 questions (two questions added later) addressing such matters as regulatory requirements, the scope of analyses, analysis methods, and results. Responses were received from 12 countries: Belgium, Canada, Chinese Taipei, Finland, France, Germany, Japan, Korea, Mexico, the Slovak Republic, Switzerland, and the United States. The final report was prepared for CSNI approval in March 2009.
Based on the questionnaire responses and subsequent discussions, the project participants concluded that external events were playing an increasing role in PSA and that there was a general trend in regulatory requirements towards consideration of all hazard categories (internal and external). Detailed analyses for some plants have shown that the contribution from non-seismic external events can be significant. The
17 NEA/CSNI/R(2014)9
frequency and intensity of extreme weather events, and consequently their risk significance, may be affected by natural climate variability and by human-induced global warming.
The main general report’s recommendations were to follow research on climate change and its effects (including potential effects on nuclear power plants, such as those being studied by IAEA), to re-evaluate the situation on external events PSA in a few years and to encourage analysis of operational events caused by external hazards.
With respect to the methods and practice of PSA, the report identified and discussed most of the PSA- related technical issues later highlighted by the Fukushima Dai-ichi reactor accidents, including:
the potential hazard posed by tsunamis (and, in particular, seismically-induced tsunamis),
the combined treatment of external hazards associated with a single event,
the estimation of the frequency-magnitude relationship for extreme phenomena, including associated uncertainties,
the treatment of dependent failures caused or influenced by an external event,
the effects of external hazards on plant operators,
multi-unit effects and,
modelling very long duration scenarios.
As can be seen from the detailed information about the Prague workshop, which is the main issue of this report, most of the early identified topics became an important issue of the discussions in Prague.
2.3 WGRISK Task on PSA Use and Development
The results of information exchange during the WGRISK annual meetings, complemented by a detailed questionnaire, have been compiled in a CSNI report entitled “The Use and Development of Probabilistic Safety Assessment” first issued in 2002 [14], then updated in 2007 [15] and in 2012 [4]. The task was carried out in cooperation with the IAEA thus providing better overview on PSA worldwide. The area of external events was also covered by the report to some extent – both in the common part (general conclusions) and in the quoted contributions of the individual participants in the effort.
For the most recent edition, detailed responses were prepared by about 20 countries on the following important PSA aspects: PSA framework and environment, numerical safety criteria, PSA standards and guidance, status and scope of PSA programs, PSA methodology and data, PSA applications, results and insights from PSA, future development and research (most of them also including the case of external events analysis). The compilation provides reference information to both PSA practitioners and others involved in the nuclear industry. Appendix A of this unique compilation characterizes the scope and use of PSA performed for each plant in most of the WGRISK member countries (including the extent to which specific PSA developed for operating NPPs address the external hazards).
It should be noted that the contents of this report were generated either prior to the March, 2011 accidents at the Fukushima Dai-ichi nuclear power station or as the accidents were unfolding (and related information was still developing). Although some important details about the accidents are still unknown,
18 NEA/CSNI/R(2014)9
it is clear that lessons from the accidents raise challenges to the use and development of PSA in WGRISK member countries.
Several insights were drawn from the updated report, particularly oriented to the extensions of the scope of the PSAs performed in the member countries (including the area of external hazards). It appears that many countries are heading towards a ”Living PSA” including both Level 1 and Level 2, for both full power and shutdown plant operational states, and both internal and external hazards and events.
The following general remarks noted in the report can be seen as important for characterization of situation in PSA development and applications worldwide (with specific focus on external events):
All the PSA developments and applications already described in the previous versions of the report are still valid and regularly improving/increasing. This applies to the importance of the PSA framework, the number of studies carried out, the PSA scope (including assessment of external hazards), the number of applications (for design and operation safety improvements), and the volume of ongoing research. It can be noted that although PSA methods and applications have made real progress during these last years a significant level of development is still in progress.
The development of new and advanced designs has led to a more rapid development in particular fields. Examples include the definition of a more formal framework, more precise safety goals, efforts relating to the importance of external hazards and to new specific problems like reliability of digital systems and reliability of passive systems. A tendency towards harmonization (in goals and approaches) clearly appears (significantly supported by IAEA effort).
WGRISK was expected to use the results of this report, as moderated by Fukushima response activities, to monitor the conduct of its ongoing activities, and to promote and implement new international collaborative efforts within the framework of the CSNI.
The survey report and its predecessors routinely discuss key topic areas highlighted by real accidents. For example, it provides an overview of research and development activities conducted by the members and other participating countries in such relevant areas as external hazards analysis (also mentioning ongoing, pre-2011 work regarding probabilistic tsunami hazard assessment), HRA, Level 2 PSA, and Level 3 PSA. Although details are not provided, the descriptions are sufficient to indicate areas of emphasis or lack thereof. For example, the descriptions appear to indicate that particular combinations of topics (e.g., HRA for particular external events) had not been emphasized by national programs up to new.
The aim of the PSA use and development report was to give an overview of the existing situation. However this overview with real examples is useful for encouraging further scope extension, especially for new plants. For future updates of the report, WGRISK is planning to identify what would be the impact of the Fukushima accident on PSA use and development in member countries, in order to share and to support the most interesting practices. Particular attention would be given to post-Fukushima plant safety modifications (many of them addressing external events scenarios) underlined by PSA results.
2.4 WGRISK Most Recent Activities Related to External events PSA
In consideration of insights and lessons learned from the Fukushima Dai-ichi reactor accidents and subsequent national stress tests, WGRISK has performed a number of tasks. One of them was the preparation of the workshop on “PSA of Natural External Hazards Including Earthquakes”, which is the main topic of this report. The objectives of this workshop were defined based on concise discussions regarding the significance of external hazards and their treatment in safety analyses. Additional
19 NEA/CSNI/R(2014)9
background has been provided by the stress tests results, which have shown vulnerabilities and the existence of cliff-edge effects in plant responses to external hazards and have identified the potential and priorities for improvements and safety measures for specific sites and designs.
It was discussed and decided that the workshop would focus on natural hazards and would facilitate the discussion of these issues and the identification and promotion of good practices. The main objectives of the workshop were proposed as:
to support assessment of current state of probabilistic analyses of natural external hazards and combinations of these with other hazards and initiating events,
to support re-evaluation of PSAs for natural external hazards, in particular as a tool to address the lessons to be learned from Fukushima accident,
to evaluate use of PSA in identification or justification of appropriate mitigation and accident management measures in the frame of post stress tests implementation programmes, and
to share methods and good practices and experiences among member states on PSA analysis for natural external hazards, in particular on accident mitigation measures.
The June 2013 Prague workshop on external hazards did not address Fire PSA as this is a topic of a parallel WGRISK activity. An international workshop on Fire PSA in Member Countries will be held in April 2014 and hosted by GRS in Garching, Germany, as a follow-up of a former WGRISK activity. This workshop will be the latest in a series of WGRISK activities on that topic, including a state-of-the-art report developed in 2000 [16] as a result of the first WGRISK workshop on fire risk [17], and a Technical Opinion Paper on the subject [18].
The first fire workshop [17] clearly demonstrated the need for continually improving methods and data for fire risk assessment. A follow-up workshop, carried out again as a WGRISK task in 2005, provided insights on the developments and the progress reached at that time. However it also demonstrated that there were still challenges in predicting fire risk, and this resulted in several fire related activities the Nuclear Energy Agency (NEA). The reactor accidents at Fukushima Dai-ichi and the consequential stress tests have increased the already strong level of attention on dependent hazards (including fire), and have strengthened discussions on addressing event combinations (e.g., seismically -induced fires) in safety analyses including PSA. In this way, the area of external hazards was strongly cross-connected with fire risk analysis issues.
Main objective of the newly planned workshop on Fire PRA is to develop recommendations regarding a potential future update of the state-of-the-art report on fire risk analysis including further development of methods for fire risk analysis, collection of operating experience and processing of data to be used in Fire PRA applications. This covers in particular supporting probabilistic assessment of fire events during all plant operational states from start of operation up to the longer lasting post-commercial operating phases and re-evaluation of fire PSA, e.g. as a tool to address the lessons learned from the post-Fukushima investigations and stress tests with respect to fire hazards and, particularly, their combinations with other external hazards.
Finally, it should be pointed out that WGRISK will be starting another external hazards related activity on PSA insights relating to the loss of electrical sources. The motivation for this activity is provided, in part, by post-Fukushima discussions on defense-in-depth and the importance of ensuring the robustness of safety functions (especially electrical sources and heat sink). WGRISK considers that PSA is an excellent tool for providing insights related to the potential consequences (e.g., core damage, large releases) of the loss of a function, and relating the defenses aiming to avoid these consequences with a quantitative
20 NEA/CSNI/R(2014)9
appreciation of their importance. The use of (external events) PSA results could provide a useful measure of defense-in-depth in case of loss of a safety function. The new WGRISK activity will survey member countries and other participating organizations on specific aspects of this topic.
The main PSA issues identified within recent WGRISK efforts have been strongly connected with the external events issues. These issues have included:
the hazards and likelihoods of extreme natural phenomena (including seismically induced tsunamis),
the combined treatment of all external hazards associated with an external event,
the treatment of dependent failures caused or influenced by an external event,
the effect of external hazards on plant operators and severe accident mitigation,
multi-unit effects.
Moreover, in the CSNI framework, WGRISK could provide a contribution to the newly created Task Group on Natural External Events for including a risk aspect.
21 NEA/CSNI/R(2014)9
3. Summary of the Workshop on PSA of Natural External Hazards
The workshop included an opening session, six sessions with participant presentations followed by short discussion, and two facilitated discussion sessions. The contributions presented were devoted to new methodological developments, projects with external hazards analysis activities, interesting aspects of external hazards analysis and expected challenges for future analyses.
3.1 Opening Session
The opening session consisted of three presentations:
N. Siu (NRC, USA): Overview Notes: Workshop on Probabilistic Flood Hazard Assessment (PFHA) and PSAM Topical Conference in Light of the Fukushima Dai-ichi Accident,
K. Hibino (IAEA): Safety Assessment of Multi-unit NPP Sites Subject to External Events,
J. Misak (UJV Rez, Czech Republic): Lessons learned from the EU Stress Test Evaluations with Regard to External Hazards.
The aim of the first presentation was to present objectives and main observations from two recent important events:
a multi-agency PFHA workshop, which was organized by the NRC in Rockville, MD, USA on 29-31 January 2013 with the aim to share information on extreme flood assessments and PSA, and to discuss ways to develop PFHA for PSAs; this workshop highlighted commonalities between the PFHA and PSA communities, the complementarity between deterministic and probabilistic approaches, the need for multi-disciplinary teams, and the need for imagination when performing PFHA; and
the PSAM Topical Conference held in Tokyo, Japan, on April 15-17, 2013 and dedicated to sharing lessons and on-going activities relevant to the Fukushima Dai-ichi reactor accidents; in particular the lessons for safety professionals and risk-informed decision makers (e.g., the need to challenge assumptions and to listen to experts and interact with international community).
One notable observation was the recurring nature of some of these issues as many relevant conclusions had been made following previous operating events (e.g., after the Blayais flooding event in 1999) [19]. For example, the Blayais event highlighted the possibility that a common mode of degradation of the safety level could simultaneously impact all the units at a site, weaknesses in the site protection against external flooding and the need to manage the release of water collected in the flooded facilities. This underscores the need to fully consider the lessons learned from operating experience.
The general objective of the second presentation was to discuss the need to develop, within the IAEA’s extrabudgetary effort, detailed guidance, methods and tools for assessing multi-unit site safety against multiple external hazards, in particular to establish a framework for conducting a PSA of external hazards affecting a multi-unit site. It was pointed out that the following known technical issues are not supported by the existing guides:
identification of initiating events (IEs) that impact more than one unit,
modelling of plant response to external events, in general,
22 NEA/CSNI/R(2014)9
treatment of common cause failure (CCF),
treatment of HRA,
treatment of fragility correlation for single and multiple hazards,
definition of risk metrics.
A flow chart for overall approach was presented, starting from selection of PRA and risk metrics up to combination of event sequence frequencies and consequences into Level 3 risk metrics. During the discussion, the importance of coordination of research and application effort was addressed (including coordination of activities with IAEA).
The last presentation was oriented to critical review of the lessons learned from the European Union (EU) Stress Test focusing on NPP robustness against external hazards. These lessons addressed:
organization of the stress tests,
scope and objectives of the stress tests,
peer review findings, recommendations and implications on the design in the area of external hazards,
further studies recommended in the area of external hazards and PSA,
relevant research areas identified by the SNETP Task Group in response to Fukushima accident.
Some important conclusions were made in the final part of the presentation:
Vulnerability to the Fukushima Dai-ichi reactor accidents caused by external hazards and including their secondary effects was underestimated,
Lessons learned from Fukushima Dai-ichi reactor accidents, from the EU Stress Test and from peer reviews are to be reflected in safety improvements of operating plants and considered in new designs,
while no completely new phenomena were revealed from the Fukushima Dai-ichi reactor accidents, improvements in specific research areas (including external hazards and use of PSA) should be considered with high priority,
These three presentations showed that efforts had been devoted to address at national and at international levels the lessons from Fukushima Dai-ichi accident, in particular in the area of external hazard PSA. While these efforts are noteworthy, they have demonstrated the technical and resource challenges associated with this area. Therefore, continued coordination at the international level is recommended to coordinate these efforts in order to optimize resources and technically address the topic of “External Hazard PSA” taking into account lessons learned from the Fukushima accident and subsequent complementary safety assessment.
23 NEA/CSNI/R(2014)9
3.2 Session 1 - Analysis of Natural External Hazards Potential
Four papers were presented in Session 1. Two papers focused on the identification and screening of relevant hazards and their combinations, One of them (J. Helander, Fennovoima) treated a new site while the other one (H. Kollasko, AREVA) was more general. These papers had similarities in the approach described. One paper treated seismic hazard assessment for NPP sites (L. Pecinka, UJV Rez) and one paper described a mathematical method for estimating the probabilities of a combination of correlated external hazards (L. Burgazzi, ENEA).
The first paper was presented by L. Burgazzi, ENEA, Italian National Agency for New Technologies, Energy and Sustainable Economic Development, and the topic of it was “Implementation of PSA models to estimate the probabilities associated with external event combination”. In the light of the Fukushima accident, correlated hazards are of special interest in PSA for external hazards. A mathematical method for modeling correlations was proposed in the presentation and an illustrative example was presented. The method is based on joint probability distributions and covariance matrices.
The second paper was presented by J. Helander, Fennovoima Oy, Finland with the topic “External hazard identification, screening and studies for a new plant site”. The process of screening external hazards for a new NPP site in northern Finland was described. The paper presented a list of Finnish and international guides and standards useful in evaluating external hazards, including, among others, Finnish regulatory YVL Guides, IAEA Safety Guides, and ASME standards. In addition, a methodology was presented how to identify and screen in/out site-specific hazards in new nuclear power plant project. Applying the screening criteria to a list of about 60 external hazards resulted in list of 12 relevant events for the Hanhikivi site requiring further studies.
The third paper was presented by H. Kollasko, AREVA and the topic of it was “Probabilistic Analysis of External Events with Focus on the Fukushima Event”. The external event screening analysis was described in the paper as a method to evaluate the design against external hazards and especially beyond design external hazards. As a result of the screening analysis, those external hazards are identified, which need to be analyzed in detail as a Design Extension Hazards (DEH) either in the probabilistic safety analysis or by margin assessments to demonstrate robustness of the design.
The effects of single and combined external events need to be analyzed. In light of the Fukushima Dai-ichi reactor accidents, the focus has shifted to the identification of relevant combinations of external hazards for which the effect of the combination of events is more severe than a simple summation of the events taken individually due to additional correlated effects. However, identification of these event combinations can be hindered if certain external hazards are screened out early in the assessment process. Furthermore, when external hazards are screened out individually, these hazards are often omitted during data collection. From the perspective of identification of potential relevant event combinations, this lack of data may constitute a drawback as vital information may not be available. It is therefore important to ensure that the full spectrum of hazards is included in the process of analysis of combinations. However, it was noted that some guidelines do not allow screening of certain hazards, especially earthquakes, as these hazards are applicable to nearly all sites and they are subject to specific regulations.
To cover an important case of a transient induced by combined hazards, the correlation mechanisms with the potential to induce hazards to the plant and effects on safety functions need to be investigated in detail. Because these types of accident sequences are often associated with a combination of low frequency external events, the screening process should consider the potential for inducing a large early release. Therefore, screening should be based on LERF (large early release frequency) and not on CDF (core damage frequency).
24 NEA/CSNI/R(2014)9
The effects of beyond design external events may aggravate the performance of possible accident management actions to cope with hazard induced unavailability of safety systems. Such actions are:
actions to refill water storages and fuel oil storages for beyond design mission times,
actions to start back-up systems,
actions to recover failed/damaged components.
In addition the Fukushima Dai-ichi reactor accidents have shown that the analysis of beyond design external hazards must take into account severe damage on the plant infrastructure and the public infrastructure for the analysis. Offsite support, e.g. delivery of diesel fuel oil or make-up water, which is usually credited in safety analyses as available, may not be possible at all, or at least much more difficult to be managed.
As discussed by the author, a systematic approach to external events screening provides a means for early demonstration of plant robustness regarding external hazards and combinations of them. Site specific information e.g., data on strength and frequency of beyond design external events, is an important basic input to the external events screening analysis. This input is needed as early as possible for new projects in order to have any potential site specific issue taken into account in the early phase of the project and reflected in plant design. The experience from the ongoing projects has shown that it is not always possible to receive this information in adequate level of detail. As a consequence, the external hazards screening often involves engineering judgment. Caution has to be paid that the assumptions applied are properly documented to allow later check or revision, e.g., in the frame of periodic safety reviews.
The last paper was presented by L. Pecinka, UJV Rez, a.s. and the following topic was addressed “Seismic Hazard Assessment for NPPs in Czech Republic”. The Czech Republic is a country with a very low seismicity. For the evaluation of seismic hazards of two operating NPPs with VVER type reactors, the IAEA Safety Guide 50-SG-S1 “Earthquakes and associated topics in relation to nuclear power plant siting” [20] had been used and the peak ground acceleration value has been established as 0.1 g. However, a higher level of seismic safety for nuclear power plants is now required after the Fukushima event, which is reflected in the IAEA Safety Guide SSG-9 [21]. Safety Guide SSG-9 represents the collective knowledge gained from recent significant earthquakes and includes new methods for probabilistic seismic hazard analysis and strong motion simulation. This safety guide will be applied to new two units planned to be built on the Temelin site.
The following observations can be made on the basis of the presentations in Session 1, although generally applicable conclusions cannot be based just on four papers for such a wide topic:
Methods and guides are available for
seismic hazard determination,
identification of external hazards
• list of potential hazards,
screening of external hazards for detailed PSA
• lists of screening criteria,
25 NEA/CSNI/R(2014)9
mathematical treatment of probabilities of correlated hazards.
Identification of correlations between external hazards is important.
Useful hazard estimates can be determined with current methods.
However, hazard estimates are often little supported with site specific data.
Data is usually available for a period of the order of 100 years (or less).
Screening criteria typically approach the value of 1E-08/year.
Strong extrapolation using extreme value distributions inducing high uncertainty is necessary.
When engineering judgment is applied, the associated uncertainties have to be understood and addressed.
The information about the analyses of external hazard potential and on the related uncertainties, screening of hazards etc. was also included in more general papers presented in the other sessions, for example in
Estimation of frequency of occurrence of extreme natural external events of very high intensity on the base of (non)available data by J. Holý (ÚJV Řež) et.al. (Session 2),
Seismic Hazard Assessment and Uncertainties Treatment: Discussion on the current French regulation, practices and open issues by C. Berge-Thierry, CEA-Saclay, France (Session 2).
3.3 Session 2 - Specific Features of Analysis and Modeling of Particular Natural Hazards to be Improved
Four papers were presented in this session related to specific features of analysis and modelling of particular external hazards.
The first paper “Estimation of frequency of rare natural external events of very high intensity on the base of (non-)available data” by J. Holy (UJV Rez, Czech Republic), was devoted to the use of information from the design basis for natural external hazards for assessing initiating events frequency in PSA. Sparse historical data were analyzed with different probabilistic distributions and a Gumbel distribution was proposed as the best choice for the mathematical model of the potential to reach extreme parameters of high wind and heavy snow (in agreement with IAEA recommendations). The reason to select the distribution was that the other distributions under testing (three-parameters lognormal) provided unrealistic non-corservative estimates of parameters of external events with return period of 10 000 years. The conclusion is that the selection of probabilistic distribution and careful selection of the most suitable data source are important for more realistic assessment of external events frequency.
The second paper “External hazards in the PRA of Olkiluoto 1 and 2 NPP units - accidental oil spills” by L. Tunturivuori (TVO, Finland) presented the analysis of oil spills accidents with a functional and probabilistic approach (fault trees), taking into account the possible scenarios and the oil spills arrangements at Olkiluoto. This detailed approach led to a realistic assessment of the frequency and consequences of the oil spill event. It has made possible to evaluate the impact of the arrangements implemented by TVO, particularly to perform some safety improvements (installation of oil booms, automatic alarm).
26 NEA/CSNI/R(2014)9
The third paper “Current status and issues of external event PSA for extreme natural hazards after Fukushima accident” by In-Kil Choi (KAERI, Korea) outlined the important effort of Korean nuclear industry to improve the resistance of NPPs against large earthquakes and tsunamis. The paper described collection and use of specific data, risk assessment of the effects of several safety improvements, and research activities concerning earthquake and tsunami as well as other external hazards. The paper concluded that current more realistic assessment of external hazards risk allows evaluating the effective safety improvements notably after Fukushima.
The fourth paper “Realistic modeling of external flooding scenarios” by J. L. Brinkman (NRG, Netherlands) presented an analysis of external flooding in the Netherlands, with a detailed analysis of the real effects of the water level on flood protections (dikes, dunes, …), and the identification and probabilistic assessment of relevant scenarios. The analysis provided realistic evaluation of critical flooding level and the effects of protection measures. The paper provided a detailed discussion of important flooding induced failure modes of protective systems (not just overtopping) and pointed out a number of drawbacks of deterministic approaches to flooding protection, observing that scenarios involving less than design basis flooding levels could be important contributors to risk.
Although very different in scope and topics, these four papers had similarities in the objectives. The main idea was to develop methods and studies aiming to obtain more realistic risk assessments, neither too optimistic nor too conservative. These more realistic evaluations provide a better view on the real problems and also a better view on the impact of safety improvements. In fact, some safety improvements could not be covered with a too simplified and conservative approach (protection against oil spills in Finland, against tsunami in Korea, against external flooding in the Netherlands).
3.4 Session 3 - Practices and Research Efforts on Natural External Hazards PSA
There were four presentations in this session, one presentation by U.S. NRC, one presentation by GRS from Germany and two presentations by IRSN from France.
N. Siu from U.S. NRC made a presentation titled “Consideration of external hazards and multi-source interactions in the U.S.NRC’s site level 3 PSA project”. U.S.NRC launched a project in September 2011 to evaluate the total risk at a selected reference NPP (the Vogtle plant) according to the entire initiators, including external hazards. The scope of this risk evaluation was given as “reactor in all operational modes, including full power, low power and shutdown modes, spent fuel pool and dry cask storage, where all the internal and external hazards are considered”. As part of this study, an Integrated Site Risk Analysis (ISRA) addressing the combinations of and interactions between the different sources of radiological risk (reactors, spent fuel pool (SFP), dry casks) is underway. A number of modeling and implementation challenges were identified. The former include the problem of combinatorial explosion associated with the need to treat multiple sources over extended periods of time.
S. Sperbeck from GRS made a presentation titled “Recent research on natural hazards PSA in Germany and future need”. The German PSA Guide and its supplementary technical documents on PSA methods and data require PSA to be carried out within the periodic safety review (PSR). Since 2005, this also covers probabilistic analyses for some internal and external hazards. After the Fukushima Dai-ichi reactor accidents, it has been recommended that the safety assessment of a NPP does also contain a comprehensive Level 1 PSA for all internal and site-specific external hazards, so-called Hazards PSA (HPSA) and a methodology to perform HPSA is being developed accordingly. A systematic method aimed at identifying important hazard combinations and associated dependencies among PSA initiating events was presented. Hazard Equipment Lists (HEL) and Hazard Dependency Lists (HDL) were introduced, as a part of the new methodology, for all hazards which have to be analyzed in detail. These lists are used for a systematic (and partly automatic) extension of the fault trees in the Level 1 PSA quantification model.
27 NEA/CSNI/R(2014)9
P. Dupuy from IRSN made a presentation titled “Treatment of the loss of ultimate heat sink initiating events in the IRSN PSA”. The total loss of ultimate heat sink event was recognized to be induced by external hazards and affecting all the site’s units, considering the event at Cruas-4 in 2009 and the Fukushima Dai-ichi reactor accidents. The PSA model for total loss of ultimate heat sink was updated to reflect such items as longer recovery time of the heat sink, multi-unit impact, associated design improvement and symptom-based emergency procedures. After this update, the core damage frequency for the initiating event “loss of heat sink during full power operation" was reduced from 6.1E-06/r.y. to 5.5E- 07/r.y. The dominant accident sequence in the updated PSA corresponds to exhaustion of the secondary water reserves before heat sink recovery, which is a sequence involving multi-unit considerations and models.
G. Georgescu from IRSN made a presentation titled “PSA modeling of long-term accident sequences”. In French PSAs, even before the Fukushima Dai-ichi accidents, long-term accident sequences were taken into account. However, in the short-term, IRSN intends to enhance the modeling conditions of the “long-term” accident sequences induced by loss of the heat sink and/or the loss of external power supply. In past studies, a mission time longer than 24 hours was already assumed, and as long as 192 hours in the Flamanville-3 EPR’s “extreme wind” Level 1 PSA study. IRSN intends to promote a generic study which could be used as a benchmark methodology for assessing of the long-term accident sequences, mainly generated by external hazards and their combinations.
As described above, in the USA, Germany and France, PSA studies for long-term accident sequences caused by various external hazards are being promoted. The study challenges include:
Scope of the PSA: reactor in full power, low power, shutdown states, SFP and dry cask storage,
combination of external hazards,
mission time for long duration scenarios,
multi-unit impacts,
establishing screening procedures for analysis of site specific hazards.
3.5 Session 4 - Modeling of NPP Response to Natural Hazards in PSA
Session 4 was dedicated to those papers discussing examples of PSA projects from four different countries, where external hazards were modeled. Three papers concerned NPPs and one paper was devoted to a spent fuel interim storage facility.
The first presentation was made on the topic “External Events PSA for the Paks NPP (2012)” by T. Siklossy from NUBIKI, Hungary. The Hungarian nuclear safety regulatory body requires a risk assessment of external hazards beyond the design basis, up to the cut-off frequency of 1E-07 per reactor year. A quantitative risk assessment of external (not screened out) hazards was performed and plant CDF for some hazard categories were enumerated. The unscreened hazard categories included earthquakes, extreme winds, rainfall, snow, extremely high and low temperatures, frost and ice formation, as well as lightning, tornado, and blockage of water intake filters. The current PSA models include wind, snow and frost hazards for which plant CDF was calculated. Plant risk due to extreme rainfall and lightening was found insignificant. The scope of analysis includes shutdown states, as well as at-power operation. Unresolved issues and the needs for follow-up analyses were identified and proposed.
28 NEA/CSNI/R(2014)9
The second presentation was made by T. Kozlik, KKG, Switzerland on “Treatment of external events in the linked event tree methodology for Goesgen-Daeniken NPP”. This PWR type plant has an integrated PSA model based on the “linked event tree methodology”. The model is run by RISKMAN software which quantifies Level 1 and Level 2 PSA models for internal and external events. The scope of the external hazards analysis includes seismic events, extreme winds and tornados, external floods, and service water intake flooding. Other external hazards were screened out. The paper provided some details of the external flooding modeling and data used. After recent plant modifications, which included flood barriers, the CDF (and LERF) from external flooding were estimated to be negligible. There is an ongoing study aiming on reevaluation of seismic hazards in Switzerland (the PEGASOS refinement project).
The third presentation was made by M. Jaros, UJV Rez on the topic ”External events analysis in PSA studies for Czech NPPs”. In this presentation, external event analyses in PSAs of two NPPs - Dukovany and Temelin, were described. For both plants, external hazards have been gradually incorporated into the PSA models in the last decade. In 2008, the following external hazard categories were screened in for analysis in the NPP Dukovany PSA: storms, extreme high/low temperatures, extreme snow and wind, tornados and seismic events. Recently, a revision of the past selection and screening of external hazards for detailed analysis was done using the new EPRI methodology released in 2012 [22]. For the Temelin NPP, the screened in hazards (other than seismic) were found to be negligible contributors to plant risk.
The last presentation was made by T. Puukka, TVO, Finland, on the topic “The probabilistic risk analysis of external hazards of an interim storage for spent nuclear fuel in Olkiluoto.” This work is an example of non-reactor external hazards modeling. The study started in 2012, following the responses to the Fukushima event. A detailed analysis has been carried out, and 13 hazards (sea-related and others), and seismic events were included. Quantitative results were produced. Based on the results, specific improvements in the plant design were proposed.
The following observations can be made from the papers presented and the subsequent workshop discussion:
External hazards have been modeled in various NPP PSAs over the last decade, including events during shutdown and low power operation.
Many examples of plant (reactor and non-reactor) improvements due to external event analyses do exist.
Some organizations plan to use the external events (EE) PSA to quantify the impact of post Fukushima actions.
All organizations intend to develop EE PSA in a more systematic manner.
Level 2 EE PSA has not been systematically included into the scope of external events analysis.
Possible subjects for international cooperation should be discussed (such as screening, for example - criteria and results).
3.6 Session 5 – Seismic Risk Analysis
In the fifth session five contributions of four countries and one of the IAEA were presented. In this chapter, they are summarized first per contribution in an extended way followed by a summary of the major overall conclusions from this session.
29 NEA/CSNI/R(2014)9
The presentation “Guidance on implementing seismic PSA” by O. Coman, IAEA, was devoted to development of guidelines for implementation of a seismic PSA. If successful, these guidelines can close an important gap. ASME/ANS PRA standards and the related IAEA Safety Guide (IAEA NS-G-2.13 [23]) describe capability requirements for seismic PSA in order to support risk-informed applications. However, practical guidance on how to meet these requirements is limited. Such guidelines could significantly contribute to improving risk-informed safety demonstration, safety management and decision making. Extensions of this effort to further PSA areas, particularly to PSA for other external hazards, can enhance risk-informed applications.
The presentation “Seismic hazard assessment and uncertainties treatment regarding French regulation” by C. Berge-Thierry, CEA, France started with the fact that, based on the lessons learned from the Fukushima accidents, seismic design and safety analyses have been reviewed extensively in France, e.g. as a part of the EU Stress Test. Within this review, a thorough examination of current regulations and practices in seismic hazard assessment for NPP sites in France was made; several technical issues were identified that have to be further dealt with. In particular, the necessity of a full scope probabilistic seismic hazard assessment (PSHA) has been pointed out with an emphasis put upon including and quantifying the effects of epistemic uncertainties. Since national experience may be insufficient to fully cope with this task, the importance of international co-operation was highlighted in the presentation. It is recommended to further study in more details whether the new findings can be generalized and postulated as valid for other member states with NPP sites of moderate or low level of seismicity.
The presentation “Level-1 seismic probabilistic risk assessment for a PWR plant” by K. Kondo, JNES, Japan, was oriented to the development of seismic PSA models and risk quantification in pilot study for a Japan PWR. The probability of simultaneous correlated failures for multiple components has been evaluated in the study by using the power multiplier (PM) method presented in NUREG/CR-4840 [24]. The difference in CDF between the case of conventional PM and that of PM = 1 (complete dependence) was found quite small, only 3 %. However, the influence of PM on CDF increased up to 20 % if the impact of emergency core cooling system (ECCS) piping fragility was neglected. In the future, more realistic evaluations of correlated simultaneous failures are seen as desirable. It is noted, that a 20 % change in the CDF estimate can be expected at maximum in this seismic PSA.
The fourth presentation was “Seismic PRA of a BWR Plant” by M. Nishio, JNES, Japan, which described the seismic PSA performed for a BWR-5 plant and evaluated the dominant accident sequences leading to core and/or primary containment vessel (PCV) damage, in order to identify dominant scenarios of severe accidents. The analytical models and the results of Level 1 seismic PSA were presented. The initiating events with dominant contributions to CDF include the loss of all alternating sources of electric power (station blackout) and large LOCA. The most important accident sequence is the simultaneous occurrence of station blackout and large LOCA. Plant CDF can be lowered substantially by increasing the seismic capacity of the diesel generators. Follow-on activities to this seismic PSA may include (1) removal of some unnecessary conservatism, (2) refinement of success criteria for plants systems in response to seismic- induced transients and (3) inclusion of seismically induced tsunami in the analysis.
The last presentation was “Seismic design of non-reactor nuclear facilities” by M. Mummert, NUKEM, Germany. In M. Mummert’s proposal for a systematically structured approach to seismic safety and seismic classification of non-reactor nuclear facilities, an observation was made indicating less rigorous design and less safety analyses for such facilities in comparison to nuclear power plants. Although this finding cannot be fully generalized on the basis of isolated observations, the importance of external hazards PSA for non-reactor radiological sources has to be stressed. The Fukushima experience clearly confirms the validity of this finding. In the member states, a continuous development has been addressed in the scope of PSA over the past decades in terms of operating modes, initiating events/hazards and radiological sources. It is suggested that a full scope PSA should be pursued in all these aspects.
30 NEA/CSNI/R(2014)9
Some general conclusions can be drawn from the results and findings reported in the papers of Session 5. These conclusions address various technical issues of seismic risk analysis. Some of them may contribute, in a broader sense, to help advancing PSA for other types of external hazards, and risk-informed decision making involving considerations of risk from external hazards:
IAEA is developing a “how to do” document on implementing seismic PSA in order to provide technical guidance helping to meet the requirements of the ASME/ANS PRA standard [25] and IAEA Safety Guide NS-G-2.13 [23] for the support of risk-informed applications.
Implementation guidance for a broader scope of external hazards PSA as well as IAEA’s efforts to help with the extension of PSA models for internal and external hazards should contribute to improving risk-informed safety demonstrations, safety management and decision-making,
Comprehensive and critical reviews of seismic hazard assessments (SHA) have been found of paramount importance in France, which can be valid also for other countries to identify and close gaps in methodology including NPP sites with moderate or low seismicity,
An important response of the French authority and utilities to the Fukushima accident is an improvement of the Complementary Safety Studies (CSS) in order to complete the scenario based approach by probabilistic seismic hazard assessment (PSHA) with appropriate treatment of epistemic uncertainties,
Based on the results and findings from developing seismic PSA models for selected Japanese plant designs, the need to improve the quantification of correlated simultaneous failures has been highlighted.
The risk from seismic induced hazards has to be considered as well. Accordingly, the Atomic Energy Society of Japan (AESJ) is developing guidelines on tsunami PSA. Seismically induced consequential hazards may be an important risk factor even if the site is not vulnerable to tsunami with seismic induced fires and flooding being examples that typically need to be accounted for in a seismic PSA.
The use of a structured and systematic approach to seismic design and safety analysis is indispensable to ensure sufficient defense of non-reactor nuclear facilities against earthquakes.
3.7 Session 6- Use of external events PSA with the focus on regulatory body role
The papers of Session 6 gave an overview of the regulatory approach in Germany, USA, Canada, Japan and Finland regarding the PSA requirements and the development of regulation, focusing on external hazards and the impact of the Fukushima Dai-ichi accidents.
M. Krauß, BfS, Germany, described in his paper “Actual regulatory developments concerning the implementation of probabilistic safety analyzes for external hazards in Germany” how the recent activities in the context of the Fukushima Dai-ichi reactor accidents, such as the WENRA and new IAEA safety requirements and EU Stress Test, have influenced the revision of the German national nuclear safety regulations, completed in 2012. Additionally, the recommendations and guidelines of the German Nuclear Safety Standards Commission (KTA) and the expert group FAK PSA, an advisory board of the Federal Ministry of Environment, Nature Conservation and Nuclear Safety (BMU) led by the Federal Office for Radiation Protection (BFS), will provide new updates to the regulation in 2014. The activities of the updates have been focused to the natural hazards “earthquake” and “flooding” in the German regulations. However, explicit consideration of all natural hazards is required.
31 NEA/CSNI/R(2014)9
The second paper titled “Incorporation of All Hazard Categories into U.S. NRC PRA Model” by S. Sancaktar discussed how the U.S.NRC has incorporated additional hazard categories into a set of nuclear power plant PRA models (Standardized Plan Analysis Risk, SPAR models) prepared by the NRC’s Office of Nuclear Regulatory Research since 2004. Currently, there are 18 SPAR-AHZ models addressing additional hazard categories such internal flooding and fires, seismic and wind-related hazards. These models allow the U.S. NRC risk analysts to make independent quantitative estimates of event and plant risk.
Two additional activities being pursued currently at the U.S. NRC may further improve the completeness of the SPAR-AHZ models:
A better process to evaluate, and, if appropriate, include the impact of multiple and concurrent events in a PRA model, with emphasis put on seismically induced fire and flooding events,
a Level 3 PRA model study that includes multi-unit, multi-source events (e.g. spent fuel pool and storage casks, in addition to the reactor) covering all operational modes and hazards (see Section 3.4 of this report).
M. Xu from the Canadian Nuclear Safety Commission (CNSC) introduced CNSC’s Fukushima Actions Items (FAI) with respect to external hazards evaluation: FAI 2.1.1 Re-evaluation of external hazards and FAI 2.1.2 Re-evaluation of design protection against external hazards. Seismic events, external floods, high winds and consequential hazards are to be considered. These two FAIs also require the Canadian licensees to evaluate the cliff-edge effects corresponding to the WENRA Stress Test specifications and the U.S. NRC approach.
The fourth paper titled “Strategies towards Enterprising Development and Application of External Events PRA Standards in Japan” by K. Kondo, JNES discussed the background and development of PRA standards (Levels 1, 2 and 3) in Japan with the focus on external hazards PRA standards. A standard for procedures of seismic PRA was issued in September 2007, implementation standards for tsunami in February 2012 and the standard for internal flooding in November 2012. The development of standards is ongoing, including new standards for fires and quality of PRA, and additional revisions of the existing standards to cover consequential events and shutdown states. Japanese experts strongly emphasize the importance of the assessment of external hazards.
The fifth paper titled “The Role of External Events PSA in the Finnish Regulatory Approach“ by J. Sandberg, Radiation and Nuclear Safety Authority (STUK), Department of Nuclear Reactor Regulation, Finland gave an overview of the Finnish regulatory basis on PSA with the focus on external hazards. PSA has widely been used in Finland to support regulatory decision making since the late 1980es. Seismic hazards, harsh weather conditions and other off-site external hazards were included in the PSA models of the operating units in the 1990es and several updates and extensions have been carried out since then. For new units, a preliminary full scope PSA is required in the design phase, which shall be refined during construction. PSA and, in particular, external hazards PSA has proven to be an important tool in safety management and regulation in Finland. The licensee’s positive attitude has resulted in long-term commitment on development and application of PSA, active development of PSA methods, and additionally created in-house expertise and understanding of plant and site specific issues.
The following main conclusions can be drawn based on the presented papers:
Although probabilistic methods for assessing risks of internal events have been commonly required on regulatory basis, requirements for addressing external hazards were mainly restricted to the assessment of seismic impact on the plant.
32 NEA/CSNI/R(2014)9
Lessons learned from the Fukushima Dai-ichi reactor accidents and related actions at national, European and global level have emphasized the importance to assess risks associated with all natural hazards, combinations of those and their impact on plant sites with several units.
Based on the papers of the workshop, regulators in many countries have taken actions to include external seismic risk, external flooding, and (to some, generally different level, the other external hazards) in PSA practices and safety regulations; national safety requirements have been re- evaluated and development is still ongoing.
Finland is an example of a country having long traditions and broad experience in requiring and using external hazards PSA including seismic, external flooding and other natural hazards, as an integral part of PSA and decision making.
3.8 Facilitated Discussions
Two facilitated discussions were held during the workshop on the following general topics:
Where do we stand in risk analysis of external events?
Findings and good practices for external events analysis.
The first discussion was facilitated by J. Holy, the second one by N. Siu.
3.8.1 Status of External Hazards PSA – Selected Topics
Regarding the status of external hazards PSA, important aspects of the following topics were addressed in the discussions:
vulnerability and fragility analysis,
PSA modeling and analysis of strong external events impacting more than one unit located at a plant site,
specific features of plant operation regimes (low power and shutdown) analysis,
human reliability analysis,
extended duration scenarios,
combined external hazards, and
climate change.
Vulnerability and fragility analysis
The simple concept of fragility (as a scalar) is very useful in seismic PSA, but can be more problematic in other situations where the hazard needs to be characterized by a number of parameters. For example, the treatment of wind-driven missiles needs to consider speed and angle, as well as the physical characteristics of the missile. As another example, a detailed treatment of floods needs to consider, in addition to water level, such things as dynamic forces, persistence, and the potential for clogging. In addition, new
33 NEA/CSNI/R(2014)9
challenges have to be addressed also in the area of fragility analysis of (non-seismic) events as extreme snow, extreme wind, extremely heavy rain and other external hazards.
The vulnerability and fragility analysis should address correlation effects and consequent damage (e.g., the impact of generated missiles). However, both methodological support and the volume of useful information defining good practices are very limited. There is a need for methodological improvements and guidance to address a these issues.
More generally, there is a need for methodological developments and associated PSA guides and standards to address non-seismic fragilities. Generic and hazard-specific guidance could help, for example, PSA analysts attempting to develop fragilities for lightning-induced events based on information provided in industrial standards for lightning protection.
There is a need for an authoritative, common source of information (e.g., references or a database) on fragilities covering the wide range of external hazards that need to be considered.
Multiunit effects
Multi-unit effects analysis is another area requiring consideration of the correlation of component failures due to the shared characteristics of similar components located at different units impacted by the external event. Methodological support is limited, and some guide or standard would be extremely useful.
Consideration of the potentially site-wide effects of external hazards also brings some new specific methodology issues, particularly related to dependency, human factors, success criteria etc.
Limitations in plant resources to manage multiunit events should be addressed carefully (as there may be no help available from another unit on site).
The establishment of appropriate safety goals for multiunit events remains a challenge (albeit a challenge not unique to external hazards PSA).
External events PSA for various operation regimes and non-reactor sources of risk
A number of workshop presentations indicated some degree of coverage of external hazards analysis for non-power modes of operation and some papers explicitly addressed analyses for storage facilities. It is important to look beyond reactors when assessing the risk from external hazards.
From a Level 2 PSA perspective, it is important to recognize that for some non-reactor sources (e.g., spent fuel pools) physical barriers to radiological release (e.g., a fuel handling building) may be damaged by an external event.
Human reliability analysis in external events PSA
HRA methodologies developed and used in internal events analysis will have to be modified for intended applications in external events PSA. This big challenge will include not only quantification, but also task analysis and modeling, including addressing new performance shaping factors (in applications of generation 1 HRA methods) or new elements of the error forcing context (in applications of generation 2 HRA methods).
In general, external events PSA may need to put more emphasis on organizational and managerial aspects of plant response than PSA for internal events. Instead of a fixed, well elaborated (control room)
34 NEA/CSNI/R(2014)9
environment, the key human actions may be performed under highly dynamic and not very crew friendly circumstances.
The strong call for harmonization of HRA methods used worldwide has resulted in such international activities as the International Empirical HRA Study [26]. Harmonization efforts should be extended to cover HRA performed within external events PSA.
Long duration scenarios and the most suitable scope of the model in external events PSA
A clear treatment of long duration scenarios needs a clear definition of what is meant by “long duration.” This definition is dependent on the definition of what is considered to be a safe and stable state, and also on the purpose of the analysis. Regarding purpose, for example, the analysis timeframe for a baseline PSA analysis used to support routine risk-informed applications may differ from that for an analysis performed to identify potential vulnerabilities at a damaged site (actual or hypothetical).The time duration of accident scenarios modeled and quantified in an external events PSA significantly influences the scope of the analysis and the resources needed. Due to the potentially large-scale onsite and off-site consequences of external events that can hinder recovery efforts, the common assumption of a 24 hour mission time frame needs to be re-examined.
The length of the time interval modeled in various PSAs, and even in the same PSA for different external initiating events, should not be fixed as constant; rather it should be established in accordance with the character of the scenario. In principle, the scenario should be modeled up to the point where the final plant status (as defined in PSA) can be clearly put into one of a number of pre-defined categories (stabilized plant, core damage etc.). However, such an approach can lead to a difficult analysis involving explicit modeling of a very long time interval.
Long-term scenarios represent a specific problem for HRA. The challenges include the treatment of organizational response, for which current methods are still rudimentary.
Plant response to the events caused by combined external hazards
As also recognized in a number of workshop presentations, it is important to address combinations of external hazards in external events analysis. Given the multiplicity of potential combinations, such an analysis should be carried out in systematic manner (e.g., by matrix of possible external events combinations). Examples of systematic approaches to identification of risk important combinations of external hazards were presented in Session 1 and Session 3 of the workshop.
It is also important to recognize the potential risk significance of consequential hazards induced by the external event. It was noted that seismically-induced fires and floods are being addressed in Canadian PSAs.
Screening methods play a large role in external events PSA. Systematic approaches that search for and then screen, as appropriate, potentially important combinations of external hazards are needed.
Climate change effects
Although there was general agreement that climate change and its implications for external events PSA was an important discussion topic, there were mixed views regarding the urgency of its explicit treatment in PSA.
As also discussed at the NRC’s PFHA workshop (see Section 2.1), estimates of the frequency-magnitude relationship for extreme, natural meteorological events are subject to very large uncertainties, even when
35 NEA/CSNI/R(2014)9
climate change is not taken into consideration. Climate change considerations introduce additional uncertainty that may or may not be significant.
Further, it was emphasized that addressing climate changes in external hazards PSA represents a major challenge for the process of deriving (external hazard induced) initiating event frequencies. Addressing climate change means adding (at least) one more parameter into the frequency model and this parameter has to be estimated on the basis of available data.
Recognizing the potential importance of climate change effects on some risk-informed decisions (e.g., those requiring consideration of risk projections for extended time periods), it was suggested that WGRISK continue to monitor the state of the science, possibly addressing the topic through a technical discussion at an upcoming annual meeting. This suggestion echoes a similar recommendation made in the 2009 WGRISK report on PSA for non-seismic external events [3].
As indicated by an NEA representative, the NEA opened a new project addressing economic and safety consequences of climate changes in operation of nuclear power plants in the future [6]. The plan for this new project that addresses safety aspects does not specifically identify PSA as a subject to pursue. However, the idea that PSA may be usable tool has been supported in climate change project meetings.
3.8.2 Good Practices in External Events PSA
Regarding good practices for external events PSA, the workshop participants identified the following:
challenge assumptions,
calibrate models,
account for underlying physical processes ,
ensure treatment of dependencies,
work in multidisciplinary teams,
disseminate information.
A number of these were illustrated with practical examples in the workshop presentations or discussions.
Challenge assumptions
Most of current external event PSAs start with a standard list of events (e.g., see NUREG-1407 [27], ASME/ANS Ra-2009a [25], and IAEA Specific Safety Guide SSG-3 [28]) and then screen out events that are unlikely to be important risk contributors. The analysis should consider whether these standard lists should be supplemented by more recently identified potential hazards (e.g., coronal mass ejections). The analysis should also pay strong attention to combinations of events, especially when these events are correlated. Examples of such combinations were presented by a number of papers during the workshop.
The analysis should search for conditions that would make a situation worse and those that could increase dependencies between the external hazard and mitigating actions. As an example of the first, reduced staffing or even attention levels during night shifts could slow the identification and notification of offsite emergencies. As an example of the second, the occurrence of a storm could increase the likelihood of an
36 NEA/CSNI/R(2014)9
offshore shipping accident and also increase the failure probability for deploying booms intended to protect against oil spills.
The analysis should consider the effects of potentially relevant trends. In the case of external event PSA, these include changes in weather due to climate change, changes in relevant transportation patterns (e.g., shipping loads and frequency, commercial aircraft routing), and changes in plant technology (e.g., increased use of digital technology, increasing the potential vulnerability to electromagnetic disturbances). Particular attention should be paid to the effects of these trends on combinations of external hazards.
Calibrate models
Given the relatively short historical record available and the need to estimate the likelihood of external hazards with long return periods, the analysis should include all relevant evidence, including paleo evidence when available.
In some situations (e.g., regarding flow from breached dams), experimental data are available and should be factored into the analysis.
A number of external hazards PSAs have been performed worldwide. It would be useful to compare analyses performed for similar hazards (e.g., lightning) to develop lessons (e.g., regarding the screening, or not, of such hazards) useful for other analyses.
Account for underlying physical processes
It is important to ensure that the probabilistic models used in PSA appropriately reflect the underlying physics of the situation. Thus, for example, a fragility analysis for a watertight door should account for the dynamic forces acting on that door – a tsunami will likely present a very different situation than a pipe break.
Although the binary logic modeling approach used in most PSA models is extremely useful, care must be taken that it not be used to oversimplify the performance or communication of an analysis. For example, as explained by Brinkman (see Section 3.3), overtopping is just one failure mode for a dyke. In fact, it isn’t the most likely failure mode. Combined with the fact that a plant’s response will differ with different flooding levels, the intuitive notion of a flooding “cliff edge” needs to be employed with caution.
As previously discussed, external hazards often are characterized by multiple parameters. These parameters, some of which may affect operator actions, should be treated explicitly in a detailed external hazard PSA.
A number of external hazards (e.g., riverine flooding) can involve significant build-up times before dangerous hazard levels are reached. Treatment of the associated warning time can improve the realism of the analysis.
Functional analysis can be performed to assess PSA mission times. Such an analysis is not yet routinely performed but is needed to provide a stronger basis for, or replacement of, generic values (e.g., 24 hours, 72 hours) used in most current PSAs.
37 NEA/CSNI/R(2014)9
Ensure treatment of dependencies2
Seismically induced fires and floods provide particularly challenging examples of potentially dependent events. Guidance for performing quantitative analysis has been developed by EPRI and used in Canada.
Other, well-recognized hazard combinations that can lead to dependent failures include storm-driven high winds and flooding (e.g., Blayais, 1999) and earthquakes and tsunamis (e.g., Fukushima, 2011). Sperbeck (see Section 3.4) presented a systematic method aimed at identifying important hazard combinations and associated dependencies among PSA initiating events.
Work in multidisciplinary teams
The complete treatment of external hazards involves multiple scientific and engineering fields. Multidisciplinary teams are needed to ensure appropriate use of the results from these fields in an external event PSA. In addition to experts on hazards and fragilities, these teams should include participants with expertise in plant operations, who will have first-hand knowledge regarding how a plant is expected to respond to an external event, as well potentially direct experience with actual events.
It should be recognized that some technical disciplines have approaches and perspectives that are not entirely consistent with the needs of an external events PSA. For example, some flooding hazards experts do not support the development of predictions for floods with return periods much greater than the available historical record (perhaps as supplemented with paleo evidence).
Disseminate information
To assist with the continued improvement and harmonization of external events PSA, it is important that the PSA community continue and even enhance efforts to share information on methods, models, tools, data, and results.
Because external events PSA deals with a wide range of hazards, an analysis requires input from many technical communities. It is therefore important that the external events PSA community be kept aware of developments in other, related communities, even in cases where the developments involve deterministic analyses (e.g., numerical predictions of tsunami heights).
Similarly, because other technical communities will benefit from knowing how their models and analyses are used in external events PSA, it is important that these communities be kept aware of external events PSA developments.
Intermediate results of external events PSA (e.g., the frequency and consequences of extreme flooding events) can be useful to non-nuclear risk managers. Even in cases where an external event is demonstrated to pose an insignificant threat to a nuclear facility, consideration should be given to sharing pertinent information with organizations with relevant risk management responsibilities.
2 Editors’ Note: the proper treatment of dependencies is widely recognized as being fundamental to PSA and much of the workshops’ discussions addressed different aspects of this topic. Due to time limitations, the facilitated discussion did not address additional, specific good practices beyond the few identified in this section.
38 NEA/CSNI/R(2014)9
3.8.3 Other Discussion Points
Particularly in the Post-Fukushima era, the examples of successful and useful applications of PSA are very valuable. A number of such examples was presented in papers during the workshop and further commented during facilitated discussions:
In one case (the flood induced biofouling and loss of ultimate heat sink at Cruas 4 in 2009 – see Dupuy paper, Section 3.4), emergency operating procedure changes suggested by a pre-event PSA led to improved management of the actual event,
The papers presented in the workshop provided numerous examples where external events PSA was used to support plant design and operations improvements,
The workshop papers and discussions also provided numerous examples where deterministic analyses of external hazards led to improvements; this illustrates the complementarity of the probabilistic and deterministic approaches and the value of a risk-informed approach to decision making.
39 NEA/CSNI/R(2014)9
4. Conclusions and Recommendations
The following conclusions can be made based on workshop presentations, discussions during particular sessions, including final and opening sessions, and two facilitated discussions.
4.1 Status of External Hazards PSA Including Recent Developments
Regulatory Framework
Lessons learned from the Fukushima Dai-ichi reactor accidents and related actions at national, European and global level have emphasized the importance to assess risks associated with external hazards (including combinations of these hazards) and their impacts on a plant site (possibly with several units).
Regulators in most countries have taken actions to include seismic and flooding risk, and, to some level, some other specific external hazards in national PSA practices and safety regulations. The development of systematic approaches for addressing external hazards completely in PSA practices is still ongoing.
An important response of the French authority and utility to the Fukushima accidents is an improvement of the Complementary Safety Studies (CSS) in order to complement the scenario based approach by probabilistic seismic hazard assessment (PSHA). The existing national safety requirements have been re- evaluated and revised on the basis of recent experiences regarding consideration of multi-unit effects, duration of an event, and fuel storage facilities.
Finland represents an example of a country having long traditions with good experiences in requiring and using external hazards PSA including seismic, external flooding and other external hazards, as an integral part of the PSA and decision making.
The current role of external hazards PSA in the regulatory framework varies from country to country depending on the local conditions, operating experiences and the type of relevant hazards. In some countries adequate deterministic requirements for protection against earthquakes or other external hazards did not exist when the operating reactors were built and the external hazards have been later analyzed in the PSA framework. In other countries the emphasis has been on deterministic design requirements.
Models, methods, tools and data
Useful hazard estimates can be determined with current methods and used in applications in the processes of risk oriented decision making.
Development of methods and preparation of studies aiming to obtain realistic risk assessments, neither too optimistic nor too much conservative, is a key issue. These more realistic evaluations would provide a better view on the real problems and also a better view on the interest of safety improvements.
In fact, some recent safety improvements could not be performed with a too simplified and conservative approach. Protection against oil spills in Finland, against tsunami in Korea, against external flooding in the Netherlands can serve as suitable examples. These case studies give examples of successful PSA applications proving that detailed realistic analyses are needed.
Standards and guidance
Recently developed methods and guides are available for seismic hazard determination, identification of external hazards and screening of external hazards for detailed consequent analysis. Several lists of screening criteria are available. The methods of Probabilistic Seismic Hazards Assessment (PSHA) have
40 NEA/CSNI/R(2014)9
been developed and used in practice for several decades and they have been well documented and described in relevant Standards.
Risk from seismically induced hazards has to be considered as well. Accordingly, AESJ has developed a standard on tsunami PSA [29]. Seismically induced consequential hazards may be a risk factor for those sites that are not sensitive to tsunami. Seismically induced fires and flooding are examples that typically need to be accounted for in a seismic PSA.
Comprehensive and critical overviews of seismic hazard assessments (SHA) have been realized as important in France, which can be valid also for other countries. IAEA is developing ”how to do” document on implementing seismic PSA in order to provide technical guidance to help to meet requirements IAEA Safety Guide NS-G-2.13 in support of risk-informed applications. IAEA activities aim at integrating PSA models for internal and external events/hazards that also should contribute to improving risk-informed safety demonstration, safety management and decision-making.
Good practices
The following external hazards PSA good practices were demonstrated by the presentations made during this workshop (and applicable to PSA in general, not just for external hazards PSA).
Challenging assumptions,
calibrating models,
accounting for underlying physical processes,
treating dependencies ,
involving multidisciplinary teams,
disseminating information promptly and broadly.
Applications
External hazards analysis methods have been used recently to evaluate operating NPP units and to identify needs for modification of plant systems and procedures as well as to support design of new plants
The external hazards risk contribution has been modeled in many NPP PSA (at least for some external hazards) over the last decade, including events occurring during shutdown and low power operation.
Examples of external hazards analyses and plant reactor (and non-reactor) improvements following the results of the analyses were given during this workshop. Details can be found in Appendix 3 of this report.
41 NEA/CSNI/R(2014)9
4.2 Challenges in External Hazards Analysis Methods and Organization
Methodological and technical challenges
In general, there are a number of significant technical challenges for external hazards PSA covering various areas of PSA, which include, for example:
multi-unit impacts,
combination of external hazards,
fragility analysis of non-seismic external hazards,
correlation effects and consequent damage scenarios,
HRA for external hazards PSA, including organizational and managerial aspects,
mission times for long-term scenarios,
effects of climate change on the derivation of hazard frequencies and magnitudes,
A significant challenge is data analysis, particularly estimation of the initiating event frequency. For many hazard estimates, observational data (sometimes including paleo information) data are commonly available, usually for a period of the order of 100 years. However, risk-related screening criteria can be far beyond the range of observation. As a consequence, strong “distant” extrapolations using extreme value distributions are necessary, typical resulting in high uncertainty in the final quantitative results.
Identification of correlations between external hazards is another important point. The combinations of simultaneous or successive external hazards may result in increased loadings on SSCs or they may simultaneously endanger diverse safety systems. Formal mathematical methods to treat the probabilities of correlated hazards are available but the quantification of the model parameters is a big challenge.
Based on the results and findings from seismic PSA models developed for selected Japanese plant designs, the need to improve the quantification of correlated simultaneous failures has been highlighted.
Scope and organizational challenges (topics suitable for international cooperation)
There are still some challenges ahead in a scope of external hazards PSA, e.g. SFP and dry cask storage have not been systematically addressed yet so as Level 2 external hazards PSA. Screening criteria and results (of the screening) have not been harmonized over the subjects participating in external hazards analysis and to some difference from internal events PSA, external hazards related operating experience has not been more systematically interchanged between utilities.
Use of a structured and systematic approach is indispensable to ensure sufficient defense of non-reactor nuclear facilities against earthquakes. A seismic classification for non-reactor nuclear facilities is being proposed and discussed nowadays.
The broad scope and organizational challenges appear to be:
42 NEA/CSNI/R(2014)9
increasing the scope of external hazards PSA to match internal events (recognizing resource limitations);
ensuring appropriate interactions with the appropriate scientific/technical communities;
ensuring appropriate use in safety-related decision making, including challenges related to quality and acceptance of external hazards PSA.
4.3 General Conclusions Regarding the Future Role of WGRISK
The contributions presented and the discussions organized during the international workshop on PSA of Natural External Hazards Including Earthquakes, hosted by UJV Rez, on June 17-19, 2013, in Prague, Czech Republic, provided valuable input for strengthening the role of WGRISK in supporting the development and application of probabilistic safety assessment and risk-oriented decision making methods in the area of external hazards.
The workshop supported the key general objectives of current WGRISK activities carried out in the frame of the CSNI task on “PSA of Natural External Hazards Including Earthquakes”, i.e. to collect and exchange information from OECD member states on the methods and approaches used in probabilistic safety assessment in this area. It is obvious that the orientation of WGRISK to such an important topic should continue in the future. Since the development of systematic approaches for addressing external hazards completely in PSA practices is still ongoing and will not be finished soon, WGRISK can play useful role in the process of comparison and harmonization of the approaches used by the research and development teams in the individual OECD member countries.
Although the area of natural external events is very broad and covers many themes, some of them should be given priority. Concrete examples of such topics include: external hazards impact on the plant operated in low power or shutdown regimes, impact of combined and induced external hazards, modeling of long- duration scenarios, where the uncertainty of scenario progression and final plant status is high, and the impact of severe natural external events on sites with several units.
A successful solution of these challenges and the development of appropriate user-friendly approaches can increase the credibility of PSA as a tool covering not only internal events, but also more complex impact of natural events of high intensity. This should be done in such a way that both the needs of utilities and regulatory bodies are taken into consideration. The lessons learned from the Fukushima Dai-ichi reactor accidents and related actions at national, regional, and global level may be also included into the knowledge base used in support of external hazards analysis. For example, one lesson is that the analysis and data should not be limited only to individual plant units; information is needed regarding the site as a whole, including all dependent effects and impacts.
Recognizing the impetus for action provided by actual operational events (including the Fort Calhoun flooding as well as the Fukushima Dai-ichi reactor accidents), it has appeared that WGRISK can provide stronger (and better-focused) cases for action by increasing its use of operating experience feedback. Among other things, this could imply strengthening ties with associated international working groups, particularly the NEA/Committee of Nuclear Regulatory Authorities (CNRA) Working Group on Operating Experience (WGOE).
An additional action for WGRISK suggested by the review concerns the tracking of past recommendations. It appears that increased efforts by the WGRISK leadership to systematically track and disposition report recommendations would help ensure that each task performed by the group more strongly supports the group’s overall objectives, and would help WGRISK improve its strategic planning processes.
43 NEA/CSNI/R(2014)9
In general, due to high importance of external hazards risk analysis, a WGRISK should consider initiating further activities in this area. For example, a future task to cover (partly or completely) the area of man- induced external hazards, which has been shown in some plant specific studies to be an important contributor to risk, could be considered.
Given the current pace of activity in this area, ways for WGRISK to continue information sharing on topics connected with natural external events should be considered. One possibility is to update the information contained in CSNI NEA report “Probabilistic Safety Analysis of other External Events than Earthquake” in March, 2009 [2] by gathering new information via a survey questionnaire. As new important events have happened since that time, including the Fukushima Dai-ichi reactor accidents, such an update could provide new valuable information and conclusions regarding external events.
Moreover, in the CSNI framework, WGRISK could provide a contribution to the newly created Task Group on Natural External Events for including a risk aspect.
Finally, it should be pointed out that WGRISK is, first and foremost an information sharing entity. The group does not take actions that directly affect nuclear safety, nor does it develop safety standards used by member organizations to ensure safety. However, of course, the information developed and shared by WGRISK is potentially useful to both of these activities. It appears that strengthening WGRISK’s ties with IAEA (which participates in WGRISK meetings) and other standards-setting organizations could help WGRISK (both in ensuring use of its products and in identifying areas of need) and these other organizations (by providing information supporting improved standards and guidance).
44 NEA/CSNI/R(2014)9
5. References
[1] Organisation for Economic Co-operation and Development (OECD), Nuclear Energy Agency (NEA), Specialist Meeting on the Seismic Probabilistic Safety Assessment of Nuclear Facilities, Jeju Island, Republic of Korea, 6-8 November 2006, NEA/CSNI/R(2007)14, Paris, France, November 2007
[2] Organisation for Economic Co-operation and Development (OECD), Nuclear Energy Agency (NEA), Proceedings of the Workshop on Recent Findings and Developments in Probabilistic Seismic Hazards Analysis (PSHA) Methodologies and Applications, Lyon, France, 7-9 April 2008, NEA/CSNI/R(2009)1, Paris, France, August 2009
[3] Organisation for Economic Co-operation and Development (OECD), Nuclear Energy Agency (NEA), Probabilistic Safety Analysis (PSA) of Other External Events Than Earthquake, NEA/CSNI/R(2009)4, Paris, France, May 2009
[4] American Nuclear Society (ANS), External Events in PRA Methodology, ANSI/ANS 58.21-2003, 2003
[5] Organisation for Economic Co-operation and Development (OECD), Nuclear Energy Agency (NEA), Use and Development of Probabilistic Safety Assessment: An Overview of the Situation at the End of 2010, NEA/CSNI/R(2012)11, Paris, France, December 2012
[6] Siu N., Coyne K., Lanore J.-M., Roewekamp M., Amri A., Fukushima Dai-ichi: WGRISK pre- and post-event activities, ANS PSA 2013 International Topical Meeting on Probabilistic Safety Assessment and Analysis, Columbia, SC, USA, September 22-26, 2013
[7] Organisation for Economic Co-operation and Development (OECD), Nuclear Energy Agency (NEA), State-of-the-Art Report on the Current Status of Methodologies for Seismic PSA, NEA/CSNI/R(97)22, Paris, France, March 1998
[8] Organisation for Economic Co-operation and Development (OECD), Nuclear Energy Agency (NEA), Proceedings of the OECD/NEA Workshop on Seismic Risk, 10-12 August 1999, Tokyo, Japan, NEA/CSNI/R(99)28, Paris, France, November 2000
[9] Organisation for Economic Co-operation and Development (OECD), Nuclear Energy Agency (NEA), Seismic Probabilistic Safety Assessment for Nuclear Facilities, CSNI Technical Opinion Paper 2, Paris, France, September 2002
[10] Hakata T., Seismic PSA Methodology for Multi-Unit Sites, Proceedings of the OECD/NEA Workshop on Seismic Risk, 10-12 August 1999, Tokyo, Japan, NEA/CSNI/R(99)28, Paris, France, November 2000
[11] Ogura K., Fukuda M., Sakagami M., and Ebisawa K., Japan: Accidence Sequence Study for Seismic Event at the Multi-Unit Site, Proceedings of the OECD/NEA Workshop on Seismic Risk, 10-12 August 1999, Tokyo, Japan, NEA/CSNI/R(99)28, Paris, France, November 2000
[12] Tsutsumi H., Nanba H., Motohasi S., Ebisawa K., Development of Seismic PSA Methodology Considering Aftershock, Proceedings of the OECD/NEA Workshop on Seismic Risk, 10-12 August 1999, Tokyo, Japan, NEA/CSNI/R(99)28, Paris, France, November 2000
45 NEA/CSNI/R(2014)9
[13] International Atomic Energy Agency (IAEA), Programme: International Workshop on External Flooding Hazards at Nuclear Power Sites, 29 August – 2 September, 2005 (available from http://www.iaea.org/newscenter/news/pdf/tsunamiprog.pdf)
[14] Organisation for Economic Co-operation and Development (OECD), Nuclear Energy Agency (NEA), The Use and Development of Probabilistic Safety Assessment in NEA Member Countries, NEA/CSNI/R(2002)18, Paris, France, July 2002.
[15] Organisation for Economic Co-operation and Development (OECD), Nuclear Energy Agency (NEA), Use and Development of Probabilistic Safety Assessment, NEA/CSNI/R(2007)12, Paris, France, November 2007
[16] Organisation for Economic Co-operation and Development (OECD), Nuclear Energy Agency (NEA), Fire Risk Analysis, Fire Simulation, Fire Spreading and Impact of Smoke and Heat on Instrumentation Electronics: State-of-the-Art Report, NEA/CSNI/R(1999)27, February 2000
[17] Organisation for Economic Co-operation and Development (OECD), Nuclear Energy Agency (NEA), Proceedings of OECD/NEA Workshop on Fire Risk, 26 June-2 July 1999, Helsinki, Finland, NEA/CSNI/R(1999)26, June 2000
[18] Organisation for Economic Co-operation and Development (OECD), Nuclear Energy Agency (NEA), Fire Probabilistic Safety Assessment for Nuclear Facilities, CSNI Technical Opinion Paper 1, Paris, September 2002
[19] Gorbatchev A., Mattéi J.M., Rebour V., Vial E., Report on flooding of Le Blayais power plant on 27 December 1999, EUROSAFE Forum 2000, Institut de Radioprotection et Sécurité Nucléaire (IRSN), France
[20] International Atomic Energy Agency (IAEA) “Earthquakes and associated topics in relation to nuclear power plant siting”, Safety Guide 50-SG-S1,Vienna, 1979
[21] International Atomic Energy Agency (IAEA) “Seismic Hazards in Site Evaluation for Nuclear Installations”, SSG-9, Vienna, 2010
[22] EPRI, “Identification of External Hazards for Analysis in Probabilistic Risk Assessment”, TR 1022997, December 2011
[23] International Atomic Energy Agency (IAEA) “Evaluation of Seismic Safety for Existing Nuclear Installations”, NS-G-2.13, Vienna, 2009
[24] U.S. Nuclear Regulatory Commission „Procedures for the External Event Core Damage Frequency Analyses for NUREG-1150”, NUREG/CR-4840, SANDS88-3102, November 1990,
[25] ASME/ANS, “Addenda to ASME/ANS RA-S-2008 Standard for Level 1/Large Early Release Frequency Probabilistic Risk Assessment for Nuclear Power Plant Applications”, RA-Sa-2009, U.S.A. 2009
[26] U.S. Nuclear Regulatory Commission “International HRA Emprical Study Report”, NUREG/IA- 0216, Washington, U.S.A., November 2009
46 NEA/CSNI/R(2014)9
[27] U.S. Nuclear Regulatory Commission „Procedural and Submittal Guidance for the Individual Plant Examination of External Events (IPEEE) for Severe Accident Vulnerabilities, NUREG-1407, June 1991
[28] International Atomic Energy Agency (IAEA), “Development and Application of Level 1 Probabilistic Safety Assessment for Nuclear Power Plants”, SSG-3, Vienna 2010
[29] Implementation Standard Concerning the Tsunami Probabilistic Risk Assessment of Nuclear Power Plants: 2011(AESJ-SC-RK004E:2011), April 2013
47 NEA/CSNI/R(2014)9
48 NEA/CSNI/R(2014)9
OECD/NEA COMMITTEE ON THE SAFETY OF NUCLEAR INSTALLATIONS (CSNI)
PSA OF NATURAL EXTERNAL HAZARDS INCLUDING EARTHQUAKE APPENDICES
June 17-20, 2013 Prague, Czech Republic
49 NEA/CSNI/R(2014)9
50 NEA/CSNI/R(2014)9
List of content
APPENDICES
1. LIST OF PARTICIPANTS
2. WORKSHOP AGENDA
3. PAPERS/PRESENTATIONS
OPENING SESSION
SESSION 1 ANALYSIS OF EXTERNAL HAZARDS POTENTIAL
SESSION 2 SPECIFIC FEATURES OF ANALYSIS AND MODELING OF PARTICULAR NATURAL EXTERNAL HAZARDS
SESSION 3 PRACTICES AND RESEARCH EFFORTS ON NATURAL EXTERNAL EVENTS SESSION 4 MODELING OF NPP RESPONSE TO NATURAL EXTERNAL EVENTS IN PSA SESSION 5 SEISMIC RISK ANALYSIS SESSION 6 USE OF EXTERNAL EVENTS PSA WITH THE FOCUS ON REGULATORY BODY ROLE
CLOSING SESSION
51 NEA/CSNI/R(2014)9
52 NEA/CSNI/R(2014)9
LIST OF PARTICIPANTS
53 NEA/CSNI/R(2014)9
BELGIUM Dries Gryffroy Telephone No: +32 / (0)2 528 02 62 Bel V E-mail Address: [email protected] Rue Walcourt 148 B-1070 Brussels
CANADA Michael Xu Telephone No: +613-943-0015 Canadian Nuclear Safety Commission (CNSC) E-mail Address: [email protected] Ottawa Ontario
CZECH REPUBLIC Jaroslav Holy Telephone No: +420266172167 E- UJV Rez, a. s. mail Address: [email protected] Hlavni 130 Husinec Rez, 250 68
Milan Hladky Telephone No. +420581101111 ČEZ, a. s. E-mail Address: [email protected] NPP Dukovany
Jozef Misak Telephone No: +420266173655 UJV Rez, a. s. E-mail Address: [email protected] Hlavni 130 Husinec Rez, 250 68
Milan Jaros Telephone No: +420266172373 E- UJV Rez, a. s. mail Address: [email protected] Hlavni 130 Husinec Rez, 250 68
Ladislav Pecinka Telephone No: +420266172610 E- UJV Rez, a. s. mail Address: [email protected] Hlavni 130 Husinec Rez, 250 68
Milan Patrik Telephone No: +420266173560 E- UJV Rez, a. s. mail Address: [email protected] Hlavni 130 Husinec Rez, 250 68
FINLAND Juho Helander Telephone No: +358 20 757 8407 Fennovoima Oy E-mail Salmisaarenaukio 1 Address:[email protected] 00180 Helsinki
54 NEA/CSNI/R(2014)9
Ulla Vuorio Telephone No: +35840 0887635 Radiation and Nuclera Safety Authority - – STUK E-mail Address: [email protected] PO BOX 14 FI-00881 Helsinky
Tiia Puukka Telephone No: +358503444831 Teollisuuden Voima OYJ E-mail Address: [email protected] Olkiluoto FI-27160 EURAJOKI
Jorma Sandberg Telephone No: +358 40 1520178 Radiation and Nuclera Safety Authority - – STUK E-mail Address: [email protected] PO BOX 14 FI-00881 Helsinki
Lasse Tunturivuori Telephone No: +358 (02) 83811 Teollisuuden Voima OYJ E-mail Address: Olkiluoto [email protected] FI-27160 EURAJOKI
FRANCE Patricia Dupuy Telephone No: +33158358983 IRSN E-mail Address: [email protected] B.P. 17 92262 Fontenay-aux-Roses CEDEX
Gabriel Georgescu Telephone No: +33158358108 IRSN E-mail Address: [email protected] B.P. 17 92262 Fontenay-aux-Roses CEDEX
Marie Gallois Telephone No: +33 1 47 65 41 73 EDF R&D E-mail Address: [email protected] 1 avenue du Général de Gaulle 91440 Clamart Cedex
Jeanne-Marie Lanore Telephone No: +33158357648 IRSN E-mail Address: [email protected] BP17 92262 Fontenay-aux-Roses CEDEX
Catherine BERGE-THIERRY Telephone No: +33169086655 CEA E-mail Address: catherine.berge- DEN/DANS/DM2S/SEMT/EMSI Bâtiment 603 [email protected] Centre de Saclay 91191 Gif/Yvette
55 NEA/CSNI/R(2014)9
GERMANY Heiko Kollasko Telephone No: +49 9131 900 99942 AREVA GmbH E-mail Address: [email protected] Henri-Dunant-Strasse 50 91058 Erlangen
Matias Krauß Telephone No: +4930183331540 Bundesamt für Strahlenschutz, Safety Assessment E-mail Address: [email protected] Willy-Brandt-Straße 5 D-38226 Salzgitter
Maxi Mummert Telephone No: +496023911519 E- Nukem Technologies GmbH mail Address: Industriestrasse 13 [email protected]
Silvio Sperbeck Telephone No: +493088589167 Gesellschaft für Anlagen-und Reaktorischerheit E-mail Address: [email protected] (GRS) mbH Kurfürstendamm 200 10719 Berlin
Michael Türschmann Telephone No: +49(30)88589132 GRS mbH E-mail Address: Kurfürstendamm 200 [email protected] 10719 Berlin
Ralf Wohlstein Telephone No: +49114394488 EON E-mail Address: Tresckowstrasse 5 [email protected] 30457 Hannover
HUNGARY Attila Bareith Telephone No: +36 1 392 2716 NUBIKI Nuclear Safety Research Institute E-mail Address: [email protected] Konkoly-Thege Miklos ut 29-33 H-1121 Budapest
Mr Zoltán Vida Telephone No: +36 75 508978 MVM Paks NPP E-mail Address: [email protected] P.O.B. 71, Lot No: 8803/15 H-7031 Paks
Tamas Siklossy Telephone No: +36 1 392 2222 ext. 2113 NUBIKI E-mail Address: [email protected] Konkoly-Thege M. ut 29-33. Budapest
56 NEA/CSNI/R(2014)9
CHINA Gong Yu Telephone No: +0086 10 82205816 Nuclear and Radiation Safety Center of the E-mail Address: [email protected]
Ministry of Environmental Protection The Xizhimen North Street, Shougang International Building 16F
CHINESE TAIPEI Jyh-Der LIN Telephone No: +886-3-4711400 ext 6075 E- INER mail Address: [email protected] 1000 Wenhua Road, Longtan Township Tao Yuan, Taiwan
Yu-Ting LIN Telephone No: +886-3-4711400 ext 6133 E- INER mail Address: [email protected] 1000 Wenhua Road, Longtan Township Tao Yuan, Taiwan
Chung-Kung LO Telephone No: +886 3-4711400 ext 6075 INER E-mail Address: [email protected] 1000 Wenhua Road, Longtan Township Tao Yuan, Taiwan
NETHERLANDS E.W. Boxman Telephone No: +31 70 456 2367 Inspectorate of the Ministry of Infrastructure and E-mail Address: [email protected] Environment Nieuwe Uitleg 1 (int. 560) 2514 BP Den Haag
J. L. Brinkman Telephone No: +31 (0)26 356 8553 NRG Arnhem E-mail Address: [email protected] Utrechtseweg 310, P.O.Box 9034 Arnhem
ITALY Luciano Burgazzi Telephone No: +39 0516098556 ENEA E-mail Address: [email protected] Via Martiri di Monte Sole,4 40129 Bologna
Laura Frisoni Telephone No: +39 0683059865 ENEL E-mail Address: [email protected] Via Mantova 24 00198 Roma
57 NEA/CSNI/R(2014)9
JAPAN Keisuke Kondo Telephone No: +81(3)4511-1712 Incorporated Administrative Agency Japan Nuclear E-mail Address: [email protected] Energy Safety Organization Toranomon Tower Office, 4-1-28 Toranomon, Minato-ku Tokyo
Masahide Nishio Telephone No: +81(3)4511-1707 Japan Nuclear Energy Safety Organization (JNES) E-mail Address: [email protected] 4-1-28 Toranomon, Minato-ku Tokyo
KOREA (REPUBLIC OF) In-Kil CHOI Telephone No: +82-42-868-2056 Korea Atomic Energy Research Institute E-mail Address: [email protected] P.O. Box 105, Yuseong, Daejeon, 305-600
SLOVAK REPUBLIC Jozef Rybár Telephone No: +421258221176 Nuclear Regulatory Authority of the Slovak E-mail Address: [email protected] Republic Bajkalská 27 820 07 Bratislava
SPAIN Vázquez, Mª Teresa Telephone No: + 34 91 346 02 60 Nuclear Safety Council E-mail Address: [email protected] C/ Pedro Justo Dorado Delmans, 11 28040 Madrid
SWEDEN Frida Olofsson Telephone No: +46 8-799 40 30 Strålsäkerhetsmyndigheten E-mail Address: [email protected] Strålsäkerhetsmyndigheten 171 16 Stockholm
SWITZERLAND Roland Beutler Telephone No: +41-56-460-85-49 Swiss Federal Nuclear Inspectorate, ENSI E-mail Address: [email protected] Industriestrasse 19 CH-5200 Brugg
Telephone No: +41 62 288 20 76 Thomas Kozlik E-mail Address: [email protected] NPP Goesgen-Daeniken AG Kraftwerkstrasse 4658 Daeniken
58 NEA/CSNI/R(2014)9
UAE Farouk Eltawila Telephone No: +971 2 651 6610 Federal Authority for Nuclear Regulation E-mail Address: [email protected] P.O. Box 112021 Abu Dhabi
UNITED KINGDOM Peter Ford Telephone No: +207 556 3578 Health and Safety Executive 0151 951 5733 Redgrave Court, Merton Road E-mail Address: [email protected] Bootle, L20 7HS
Graham Simpson Telephone No: +207 556 3578 Health and Safety Executive E-mail Address: Rose Court 2 Southwark Bridge [email protected] London SE1 9HS
UNITED STATES OF AMERICA Selim Sancaktar Telephone No: +301-251-7572 U.S. Nuclear Regulatory Commission E-mail Address: [email protected] Washington, DC 20555-0001
Nathan Siu Telephone No: +13012517583 US Nuclear Regulatory Commission E-mail Address: [email protected] MS CSB 4.A07M Washington, DC 20555
INTERNATIONAL ORGANISATIONS Abdallah Amri Telephone No: +33145241054 OECD/NEA E-mail Address: [email protected] Nuclear Safety Division 12Bd des Iles FR-92130 Issy-les-Moulineaux
Ovidio Coman Telephone No: +431260026068 International Atomic Energy Agency E-mail Address: [email protected] P.O.Box 200 Vienna 1400
Kenta Hibino Telephone No: +43 2600 25559 International Atomic Energy Agency E-mail Address:[email protected] Vienna International Centre, Wagramerstrasse 5 A-1400, Vienna
Henri Paillere Telephone No: +33145241067 OECD Nuclear Energy Agency E-mail Address: [email protected] Le Seine St Germain, 12 boulevard des Iles, 92130 Issy les Moulineaux
59 NEA/CSNI/R(2014)9
60 NEA/CSNI/R(2014)9
WORKSHOP AGENDA
61 NEA/CSNI/R(2014)9
Workshop Programme Meeting rooms Brussels 3,4
Monday June 17, 2013 Registration 8:00 – 9:00
Opening session Chair: Milan Patrik (UJV Rez, Czech Republic) Co-Chair: Abdallah Amri (OECD/NEA, France)
9:00 Opening address & Welcome address Opening remarks, Objectives of the workshop
Nathan Siu (NRC, USA): Overview Notes: Workshop on Probabilistic Flood Hazard Assessment (PFHA) and PSAM Topical Conference in light of the Fukushima Dai-ichi Accident
Kenta Hibino (IAEA, Austria): Safety Assessment of Multiunit NPP Sites Subject to External Events
Jozef Misak (UJV Rez, Czech Republic): Lessons Learned from EU Stress Tests Evaluations with regard to External Hazards
10:30 End of opening session & Coffee break
Session 1: Analysis of external hazards potential
Chair: Jorma Sandberg (STUK, Finland)
11:00 Luciano Burgazzi (ENEA, Italy): Implementation of PSA models to estimate the probabilities associated with external event combination
Juho Helander (FENNOVOIMA, Finland): External hazard identification, screening and studies for a new plant site
Ladislav Pecinka (UJV Rez, Czech Republic): Seismic hazard assessment for NPPs in Czech Republic
Heiko Kollasko (AREVA, Germany): Probabilistic analysis of external events with focus on the Fukushima event
12:40 End of Session 1 & Lunch
62 NEA/CSNI/R(2014)9
Session 2: Specific features of analysis and modeling of particular natural external hazards
Chair: Jeanne-Marie Lanore (IRSN, France) Jaroslav Holy (UJV Rez, Czech Republic): Estimation of frequency of occurrence 14:00 of extreme natural external events of very high intensity on the base of (non)available data
Lasse Tunturivuori (TVO, Finland): External hazards in the PRA of Olkiluoto 1 and 2 NPP units - accidental oil spills
In-Kil Choi (KAERI, Korea): Current status and issues of external event PSA for extreme natural hazards after Fukushima accident
J. L. Brinkman (NRG, Netherlands): Realistic modeling of external flooding scenarios
15:40 End of Session 2 & Coffee break
Facilitated discussion 1: Where do we stand in risk analysis of external events?
Chair: Jaroslav Holy (UJV Rez, Czech Republic)
The discussion can address the following topics: 16:10 --- Treatment of multiunit effects of external events (including effects on onsite spent fuel and waste storage facilities) --- Specific problems of vulnerability and fragility analysis --- Analysis of both local and broad effects of external hazards including long term loss of the electrical grid and the final heat sink --- Addressing specific features of plant operation regimes in analysis and modeling --- Human factors in plant response to external events --- Approaches to extended duration scenarios involving external events (including events involving a stabilized but damage plant)
--- Modeling of plant response to the events caused by combined external hazards
17:30 End of Day 1
19:30-22:00 Dinner
63 NEA/CSNI/R(2014)9
Tuesday June 18, 2013
Session 3: Practices and research efforts on natural external events PSA
Chair: Kondo Keisuke (JNES, Japan)
9:00 Nathan Siu (NRC, USA): Consideration of external hazards and multi-source interactions in the USNRC’s site level 3 PSA project
Silvio Sperbeck (GRS, Germany): Recent research on natural hazards PSA in Germany and future needs
Patricia Dupuy (IRSN, France): Treatment of the loss of ultimate heat sink initiating events in the IRSN PSA
Hari Prasad Muruva (BARC, India): Modeling of Seismically Induced Multiple Rare Events in PSA of Indian NPPs
Gabriel Georgescu (IRSN, France): PSA modeling of long-term accident sequences
11:00 End of Session 3 & Coffee break
Session 4: Modeling of NPP response to natural external events in PSA
Chair: Gabriel Georgescu (IRSN, France)
Tamas Siklossy (NUBIKI, Hungary): External Events PSA for the Paks NPP 11:20 Thomas Kozlik (KKG, Switzerland): Treatment of external events in the linked event tree methodology – NPP Goesgen-Daeniken example
Tiia Puukka (TVO, Finland): The probabilistic risk analysis of external hazards of an interim storage for spent nuclear fuel in Olkiluoto
Milan Jaros (UJV Rez, Czech Republic): External events analysis in PSA studies for Czech NPPs
13:00 End of Session 4 & Lunch
Session 5: Seismic risk analysis
Chair: Attila Bareith (NUBIKI, Hungary)
14:00 Catherine Berge Thierry (CEA, France): Seismic hazard assessment and uncertainties treatment: discussion on the current French regulation, practices and
64 NEA/CSNI/R(2014)9
open issues.
Kondo Keisuke (JNES, Japan): Level-1 seismic probabilistic risk analysis for a PWR plant
Masahide Nishio (JNES, Japan): Seismic PRA of a BWR plant
Maxi Mummert (NUKEM, Germany): Optimization of safety and seismic classification during the design stage of non-reactor nuclear facilities
Ovidiu Coman (IAEA, Austria): Implementation Guidelines for Seismic PSA
16:00 End of Session 5 & Coffee break
Facilitated discussion 2: Findings and good practices for external events analysis
Chair: Nathan Siu (NRC, USA)
The discussion can address the following topics: 16:30 --- Applications of external events PSA methods and models in regulatory oversight.
--- Use of external events PSA in risk informed safety management by the licensees and other non-regulatory applications for external events PSA --- Evaluation of the effectiveness of measures to be taken in anticipation of gradually developing external hazards --- Level 2 PSA aspects of external events risk analysis including evaluation of accident management measures in case of external events
--- Treatment of uncertainties and sensitivity analysis in PSA for external events.
17:45 End of Day 2
65 NEA/CSNI/R(2014)9
Wednesday June 19, 2013
Session 6: Use of external events PSA with the focus on regulatory body role Chair: Ulla Vuorio (STUK, Finland)
9:00 Matias Krauss (BFS, Germany): Current regulatory developments concerning the implementation of probabilistic safety analyzes for external hazards in Germany.
Selim Sancaktar (NRC, USA): Incorporation of all hazard categories into U.S. NRC PRA models
Michael Xu (CNSC, Canada): PSA approach for evaluation of external hazards as part of CNSC Fukushima action items
Kondo Keisuke (JNES, Japan): Strategies towards enterprising development and application of external events PRA standards in JAPAN
Jorma Sandberg (STUK, Finland): The role of external events PSA in the Finnish regulatory approach
11:00 End of Session 6 & Coffee break
Final Session
Chair: Milan Patrik (UJV Rez, Czech Republic)
Co-Chair: Abdallah Amri (OECD/NEA, France)
11:30 All session chairmen: Session summaries (approximately 10 minutes each) Workshop summary and concluding remarks
12:45 Closing of the workshop
Lunch
66 NEA/CSNI/R(2014)9
PAPERS/PRESENTATIONS
67 NEA/CSNI/R(2014)9
68 NEA/CSNI/R(2014)9
OPENING SESSION
Chair: Milan Patrik Co-Chair: Abdallah Amri
J. Misak LESSONS LEARNED FROM EU STRESS TESTS EVALUATIONS WITH REGARD TO EXTERNAL HAZARDS
S. Samaddar, K. Hibino and O. Coman SAFETY ASSESSMENT OF MULTIUNIT NPP SITESSUBJECT TO EXTERNAL EVENTS
N. Siu NOTES AND MEETING OVERVIEWS ON PSAM 2013&PROBABILISTIC FLOOD HAZARD ASSESSMENT WORKSHOP
69 NEA/CSNI/R(2014)9
70 NEA/CSNI/R(2014)9
71 NEA/CSNI/R(2014)9
72 NEA/CSNI/R(2014)9
73 NEA/CSNI/R(2014)9
74 NEA/CSNI/R(2014)9
75 NEA/CSNI/R(2014)9
76 NEA/CSNI/R(2014)9
77 NEA/CSNI/R(2014)9
78 NEA/CSNI/R(2014)9
79 NEA/CSNI/R(2014)9
80 NEA/CSNI/R(2014)9
81 NEA/CSNI/R(2014)9
82 NEA/CSNI/R(2014)9
83 NEA/CSNI/R(2014)9
84 NEA/CSNI/R(2014)9
85 NEA/CSNI/R(2014)9
86 NEA/CSNI/R(2014)9
87 NEA/CSNI/R(2014)9
88 NEA/CSNI/R(2014)9
SAFETY ASSESSMENT OF MULTIUNIT NPP SITES SUBJECT TO EXTERNAL EVENTS
Sujit Samaddar, Kenta Hibino and Ovidiu Coman International Atomic Energy Agency Vienna International Centre PO Box 200, Vienna 1400, Austria
ABSTRACT:
This paper presents a framework for conducting a probabilistic safety assessment of multiunit sites against external events. The treatment of multiple hazard on a unit, interaction between units, implementation of severe accident measures, human reliability, environmental conditions, metric of risk for both reactor and non-reactor sources, integration of risk and responses and many such important factors need to be addressed within the context of this framework. The framework facilitates the establishment of a comprehensive methodology that can be applied internationally to the peer review of safety assessment of multiunit sites under the impact of multiple external hazards.
KEY WORDS:
External Events PSA, Common Cause Failures, Multiunit Site, Multi Hazards
1. INTRODUCTION
The current energy demands and the difficulties in acquiring public support in establishing new sites for nuclear power plants is a powerful incentive for the nuclear industry towards the utilization of existing sites for the construction of new nuclear reactor units. The incentive is made even more attractive by the availability of many of the infrastructural and administrative resources that can be shared from the use of the same site. Thus for new builds the nuclear industry tends to gravitate towards using the same site, a multiunit site, as this choice is very practical and resource efficient (Ref. 1).
Fig. 1 shows a distribution of the site housing more than three units in the world based on the IAEA’s PRIS database (www.iaea.org/pris). As of 10 March 2013, a ratio of multiunit sites housing more than two units (including operating units, units under construction and long-term suspended units) for all sites is about 81%, and a ratio of multiunit sites housing more than three units is about 32%.
89 NEA/CSNI/R(2014)9
Fig. 1: Multiunit sites housing more than three units in the world (10 March 2013)
This move towards the use of a common site to house multiple reactor units and supporting facilities necessitates the regulatory authorities of the Member States to establish the “safety” of such a site. Safety assessments in the past have used a deterministic and probabilistic approaches considering that a site with multiple installations can be represented by summing up the risk metric of individual units. This simplified approach to establishing site safety had several limitations as it could not represent fully the many varied and complex interactions that would take place during a severe event impacting a multiunit site.
The Niigata-Ken Chuetsu-Oki Earthquake (16 July 2007, Japan) which affected the Kashiwazaki-Kariwa nuclear power station provided a glimpse of how multiple correlated hazards can develop from a single external event (ground motion and fire). A site safety assessment should therefore, be capable of addressing multiple correlated hazards yet the available methodology for site safety assessment currently is addresses one hazard at a time.
The Great East Japan Earthquake (11 March 2011, Japan) generated in severe ground motion causing the safe-shutdown of several reactor units at the Nuclear Power Plants of Onagawa, Fukushima Dai-ichi, Fukushima Dai-ni, Tokai Dai-ni and Higashi Dori. However, the ensuing tsunami at Fukushima Dai-ichi resulted in extreme flooding challenging the safety systems of all the six units, exceeding their capacities, breaching their defense-in-depth measures and eventually leading to severe core damage in three of the units resulting in a large radioactive releases severely restricting the deployment of severe accident management resources already reduced by the simultaneous demand from competing units. Heroic actions were taken to prevent additional release from the spent fuel pools. All entities putting additional demands on the single unit sized severe accident management resource (Ref. 2). All this, was aggravated by the severe loss of plant infrastructure caused by the immense destructive energy of the tsunami wave front.
The Fukushima accident underscores the need for a comprehensive site safety assessment methodology which can address the site safety in a holistic way. The fact that multiple hazard or hazard combinations need to be considered, the interaction between the units (be it from shared system, common cause, or interaction of responses), simple screening out of events based on rarity without consideration of
90 NEA/CSNI/R(2014)9
combinations, the consideration of human reliability, severe accident management practice considering multiunit events, the contribution of release from other no-reactor sources on site and other such issues need to be addressed in a comprehensive framework.
In this framework of site safety assessment, the risk assessment should include sensitivities to determine the extent to which multiunit considerations increase or decrease the risk associated with a specific nuclear installation site. The quantification of such a risk at a site level allows the regulatory body to make risk informed decisions in their role as a regulator and protector of public health and the environment.
The Fukushima accident involving a combination of multiunit and multiple hazards highlighted the need for such a holistic framework for risk assessment of a site which is capable of integrating the risk associated with all sources that can be released from a site. This paper is an effort to bring into focus all the different issues that a generalized framework, for site level risk assessment, need to consider in the formulation of an site safety assessment methodology.
2. FRAMEWORK OF SITE SAFETY ASSESSMENT
The following presents the holistic framework for the risk assessment of a site with multiple units and other co-located installations with nuclear inventory. The framework has at its centre the reactor units and the other co-located nuclear installations which are challenged by the external events, the events cause one or more hazards which may challenge the safety of one or more reactor and non-reactor units on the site, the affected installation respond to the imposed challenges which in turn may or may not affect the installations on site, this interactions between installations continue till severe accident managements measures are brought in to play further interactions continue to occur into the release phase from one or more installations. The risk quantification of this release as a measure of its impact on human and environmental health will provide the final response to the site level safety assessment.
Given this framework as the scope of the risk assessment many issues unaddressed before comes to focus. The treatment of multiple hazard on a unit, interaction between units, implementation of severe accident measures, human reliability, environmental conditions, metric of risk for both reactor and non- reactor sources, integration of risk and responses and many such important factors need to be addressed within the context of this framework.
2.1 Interaction
As illustrated by the Fukushima accident, multiunit accidents involve unique challenges to the structures, systems and components that perform the safety functions at each of the installations and the human and infrastructural resources that support the operation and implementation of severe accident management and offsite protective actions. The same hazard or hazard combination may lead to initiating events and accident sequences in multiple installations concurrently (common cause). An accident at one installation may affect the capabilities and compromise the resources available to support mitigational efforts in another installation. Hence the probability of preventing an accident in one installation cannot be assessed without considering the status of the other installations on the site. Consideration of interaction of structures, systems and components between the different installations, the response of the installation and its interaction with the response in individual installations, human reliability given these interactions and others that will result during the progression of an accident are essential interactions to be included in the holistic framework for site safety assessment.
91 NEA/CSNI/R(2014)9
2.2 Risk Metrics
If there is release from more than one installation during the same accident then the emergency planning and severe accident management will be grossly impacted. Considering the fact that the large levels of radiation exposure will quickly saturate the dose levels of the responders and as a result the concurrent release from more than one reactor unit may exceed the linear sum of the consequence of individual reactors. Given this and the fact the frequency of the release at a multiunit site is related to the number of units on the site, the risk metric of core damage frequency (CDF) and large early release (LERF) is no longer an adequate metric for the risk assessment of multiunit sites. A more general set of risk metrics that would apply to all types of accidents similar to that at Fukushima would be those associated with a Level 3 PSA in which the risk of consequences to public health and safety are fully quantified. Thus a new or modified set of risk metric need to be developed which can rationally quantify the risk associated with multiunit sites involving non-reactor installations.
2.3 Screening
For Fukushima serious questions have been raised on the inability to protect the plant against internal and external hazards. This could to a great extent be contributed to the optimistic screening of hazards and the exclusion of hazards combinations that have a higher potential of occurring than could be supported in developing a “deterministic” design basis. It appears that the frequency of events that would exceed the design basis protection against tsunamis, earthquakes and floods are much more likely than assumed in the original design and licensing. So the screening of hazards for multiunit sites need to be more carefully evaluated than previously practiced. Thus careful screening of hazards is an essential ingredient for the safety assessment of multiunit site against multiple hazards.
2.4 Human reliability
In current PSA models credit is taken for operator recovery actions and accident management for the recovery of the plant from a degraded state or core damage condition. As demonstrated in the Fukushima accident these activities can be severely restricted by releases at other installations. The human reliability analysis for single units does not take such a scenario into consideration. For multiunit site the human reliability analysis needs to account for condition where the site is contaminated with radioactive material and accident management action need to be executed in this environment, adding another level of complexity to the safety assessment of multiunit sites.
2.5 Infrastructure
For sever accident management it is usually anticipated that the infrastructure of the site is unaffected by the demands made by the hazard. The toil on the infrastructure during the Fukushima accident was significant and many of the resources that would have played a role in the mitigational actions during the severe accident management were render unusable by the tsunami. In response to this, the industry has undertaken actions to deploy additional resources that can be quickly bought into play to offset damaged infrastructure. In the site safety assessment the role and sequence of such deployment of alternate resources need to be included in establishing a reasonable quantification of the risk profile for the site.
3. SUMMARY
In summary, it can be said that the site safety assessment for a multiunit site will be quite complex and need to start with individual unit risk assessments, these need to be combined considering the interactions between units and their responses, and the fragilities of the installations established considering the
92 NEA/CSNI/R(2014)9
combined demands from all interactions. Using newly established risk metric the risk can then be integrated for the overall site. Fig. 2 shows schematically such a proposal. Much work has to done and the IAEA has established a working group that is systematically establishing the structure and process to incorporate the many issues that are a part of a multiunit site safety assessment.
93 NEA/CSNI/R(2014)9
Fig. 2: Framework for Probabilistic Safety Assessment of Multiunit Sites against External Events
94 NEA/CSNI/R(2014)9
REFERENCES
1. ANS Special Committee on Fukushima Daiichi, (2012), "Fukushima Daiichi: ANS Special Committee Report", LaGrange Park, IL, USA 2. United States Nuclear Regulatory Commission, Recommendations for Enhancing Reactor safety in the 21st Century, The Near-Term Task Force, Review of insights from the Fukushima Dai-ichi Accident, USNRC. Washington DC (July 2012)
95 NEA/CSNI/R(2014)9
96 NEA/CSNI/R(2014)9
97 NEA/CSNI/R(2014)9
98 NEA/CSNI/R(2014)9
99 NEA/CSNI/R(2014)9
100 NEA/CSNI/R(2014)9
101 NEA/CSNI/R(2014)9
102 NEA/CSNI/R(2014)9
103 NEA/CSNI/R(2014)9
104 NEA/CSNI/R(2014)9
SESSION 1
ANALYSIS OF EXTERNAL HAZARDS POTENTIAL
Chair: Jorma Sandberg L. Burgazzi IMPLEMENTATION OF PSA MODELS TO ESTIMATE THE PROBABILITIES ASSOCIATED WITH EXTERNAL EVENT COMBINATION
J. Hellander IDENTIFICATION AND SCREENING OF HAZARDS FOR THE EXTERNAL EVENT PRA
K. Demjancukova, L. Pecinka SEISMIC HAZARD ASSESSMENT FOR NPPs IN CZECH REPUBLIC
H. Kollasko, M. Jockenhövel-Barttfelda, U. Klappa PROBABILISTIC ANALYSIS OF EXTERNAL EVENTS WITH FOCUS ON THE FUKUSHIMA EVENT
105 NEA/CSNI/R(2014)9
106 NEA/CSNI/R(2014)9
Implementation of PSA models to estimate the probabilities associated with external event combination
Luciano Burgazzi
ENEA, Italian National Agency for New Technologies, Energy and Sustainable Economic Development Via Martiri di Monte Sole 4, 40129 Bologna, Italy tel. +39 051 6098556, fax +39 051 6098279
e mail: [email protected]
Abstract
This note endeavors to address some significant issues revealed by the Fukushima accident in Japan in 2011, such as the analysis of various dependency aspects arisen in the light of the external event PSA framework, as the treatment of the correlated hazards. To this aim some foundational notions to implement the PSA models related to specific aspects, like the external hazard combination, e.g., earthquake and tsunami as at the Fukushima accident, and the external hazard-caused internal events, e.g., seismic induced fire, are proposed and discussed to be incorporated within the risk assessment structure.
1. Introduction
The Fukushima accident of Japan in 2011 has discovered various gaps related to the current PSA approach usage for plant risk assessment. This makes some issues to be re-considered and/or improved in the PSA application and state of practice: these include, for instance, PSA for extreme external events, site-wide risks, extended accident scenarios implying consideration for prolonged mission times. While these issues are suitable be classified into the class relative to the incompleteness of PSA, another important category relates to the identification of the dependencies between the hazards and their modeling within the PSA framework. To this aim some foundational notions to implement the PSA models related to the external hazard combination, e.g., earthquake and tsunami as at the Fukushima accident, and the external hazard-caused internal events, e.g., seismic induced fire, are proposed and discussed to be incorporated within the risk assessment structure.
2. Correlation between hazards
As mentioned earlier, the requirement to consider correlated hazards is emphasized by the Fukushima accident, as regards the combination of extreme hazards and the hazard-induced initiating events. In order to foster the importance of this aspects the simplifying assumptions of independence have to be avoided and
107 NEA/CSNI/R(2014)9
implemented with appropriate models suitable to describe the correlation mechanisms, in terms of Common Cause Initiating Events (CCIE), such as:
• seismic hazard and tsunami, as events sharing the same source of origin
• strong winds and heavy rain, as phenomenological correlated events
• seismic hazards and seismically induced fire, as induced hazards
The present analysis is not site-specific, but aimed at a sort of “technology neutral framework”, acknowledging the fact that the frequency assessment of correlated hazards should take into account all the available information (i.e. site-specific, regional, worldwide), as well as all correlations and uncertainties.
3. Combination of hazards approach
The easiest and “uncomplicated” way to assess the frequency of two or more external events occurring simultaneously would be to consider them as independent events, so that the overall frequency would be quite straightforward as the product of the single frequencies. But actually the problem is more complicated, especially when dependency between the events cannot be ignored in the frequency assessment of the initiating event. In fact, further analysis, as shown in the previous section, reveals that the single frequencies, actually, are not suitable to be chosen independently of each other, mainly because of the expected synergism between the different events under investigation: these synergistic effects trigger an accident sequence with the potential to challenge the system safety and performance at a more severe degree and extent than it would be if the single event were to be considered. This conclusion allows the implementation of the initiating event quantification, by properly capturing the interaction between the single frequencies characteristics of the various events. One approach to address the case of dependent external events is to is to estimate the joint p.d.f. (probability density function) of the frequencies, and then estimate the frequency based on the estimated joint p.d.f..
Consider a simple case characterized by two events. Let’s denote x1 and x2 the relative frequencies with
distributions f(x1) and f(x2): if the events are dependent the following relationship holds:
f(x1, x2) ≠ f(x1)*f(x2) (1)
where the left term denotes the frequency of the combined events to be assessed, in the form of the joint p.d.f.
of the single frequencies.
This expression extended to a number n of external events becomes:
f(x1, x2, …,xn) ≠ f(x1)* f(x2)*…*f(xn) (2)
108 NEA/CSNI/R(2014)9
For instance, in case of induced hazards as formerly defined, the application of the conditional probability concept implies the consideration for the dependencies between the events: this concerns essentially the assumption of dependency between the marginal distributions, to construct the joint probability distribution of the frequencies relative to the conditioning event and the conditioned event. Therefore, in particular, in this work the concept of conditional probability is applied to determine the conditional density estimate. At first we’ll recall some definitions and characteristics of the conditional density function.
The conditional probability for events A and B (conditional probability of A occurring given that B occurs) is given by: P( AB ) P( A / B ) = (3) P( B )
if P(F)>0
The expression for the conditional probability density function is
f ( x, y ) f ( y / x ) = (4) fx( x )
defined for x = fx( x ) > 0
where f(x,y)> 0 is the joint density function of the variables x and y
where the marginal density fx of x satisfies
∞ (5) fx( x ) = f ( x,y )dy ∫−∞
Then the conditional probability of y given x, is
Y F( y / x ) = P( y < Y / x = X ) = f ( y / x )dy (6) ∫−∞
In the following, the normal distribution is considered for its relative simplicity and familiarity to engineers. It represents a good approximation in case the standard deviation is small as compared to the mean value.
f(x) = (1/σ 2 π )exp – ((x-μ)2/2σ2) (7)
The values of the cumulative distribution function are derived from the tables of the standard normal distribution N(0,1),
109 NEA/CSNI/R(2014)9
f(t) = (1/ 2 π )exp –(t2/2) (8)
after the transformation t=(x-μ)/σ
4. Illustrative example
As an illustrative example, table 1 shows the parameters of interest of the normal distributions, with reference to the case of the combination of two events (such as the earthquake and tsunami or strong wind and heavy rain).
Table 1 Normal pdf characteristics Parameter Range(a-b, 1/year) Characteristics (1/year)
x1 3-7 E-01 μ = 5.0E-1
σ = 1.0E-1
x2 2-6 E-01 μ = 4.0E-1
σ = 1.0E-1
It’s worth noticing that the ranges defined by two standard deviations roughly cover the 95% confidence interval, considering that the two-sided 95% confidence interval lies at + 1.96 standard deviations from the mean value. The joint p.d.f. of two normally distributed variables x and y, is given by the bivariate normal distribution expression:
2 1/2 2 f(x,y) = 1/[2πσ1σ2 (1-ρ ) ] exp – [s/(2 (1-ρ ))] (9)
Where
2 2 2 2 s = (x- μx) / σx – [2 ρ(x- μx) (y- μy)]/ (σx σy) + (y- μy) / σy (10)
The expression for the bivariate normal density function in the standard form is:
f(x,y) = (1/2π(1-ρ2)1/2) exp –( (x2 + y2 -2ρxy)/2(1-ρ2)) (11)
with Pearson’s product moment correlation coefficient ρ
ρ = σ12/(σ1 σ2) (12)
110 NEA/CSNI/R(2014)9
A bivariate normal distribution is specified by setting an average matrix μ = (μ1, μ2), and a variance-
covariance matrix Σ = (σij) with σ11 = Var (x), σ22 = Var (y) and σ12 = σ21 = COV(x,y), respectively as
2 μ1 σ 1 σ12 and [ μ ] [ 2 ] 2 σ21 σ2
Note that Σ is a symmetric positive matrix.
In the present case let’s assume a correlation coefficient equal to 0.9, since the variables seem to be highly correlated: from (12) this is equivalent to a covariance value of 14.4. Thus the matrixes defined above assume the form of
μ1 5* 2 = σ σ 1* 0,9** [ ] [ ] and 1 12 = μ2 4** σ 2 [ σ 2 ] [ 0,9** 1* ] * read as 5.0E-1 *read as21 1.0E-2 ** read as 4.0E-1 **read as 0.9E-2
However the evaluation of these quantities through expressions (9) and (11) requires numerical integration techniques. Thus an other approach is followed if one takes into account the conditional distribution of y given that x =
X. This is represented by another normal distribution:
2 2 f(y/x=X) = Nor (μy + ρ(σy/σx)(x- μx), σ y(1- ρ )) (13)
With the correspondences x1=y and x2=x we can construct the joint probability mass function of the two variables. From the normal distribution parameters, one can determine the probability given that the variable x will fall in a given range. For example let’s evaluate the probability value of the combined external events frequency (1/year), conditional on one single external event assuming a certain frequency value (e.g. x=4,1*10-1/year). This point is illustrated in figure 1 below, which refers to parameter values reported in table 1, so that the expected values E and variance Var of the normal pdf are respectively:
E (y/x= 4,1*10-1/year) = 5,09E-1/year Var (y/x= 4,1*10-1/year) = 0,019E-1/year
The relative p.d.f. in the form f(y/x=4,1*10-1/year) = Nor (5,09*10-1/year, 0,019*10-1/year) is represented in figure 1.
111 NEA/CSNI/R(2014)9
Normal distribution (Prob. density) (The horizontal scale is determined by the parametric values)
25
20
15
10
5
0 5,02 5,04 5,06 5,08 5,1 5,12 5,14 5,16
Prob. density Mean value Selected probability
Figure 1 conditional probability density function of events
The probability of the occurrence of both events, with frequency of, for instance, 5.1*10-1/year and 4,1*10- 1/year respectively, is
P(y<5,1 *10-1/x=4,1*10-1) = Φ(0,53) = 0.7, as represented in the highlighted area of the figure below.
The previous analysis holds particularly as regards the case of induced accidents, where the probability of occurrence of an event is conditional upon the occurrence of another event. This analysis may be extended to include more external events, by adopting multivariate normal distributions: obviously this adds a significant burden to the study. It’s worth noticing that this mathematical approach finds application, as well, as regards the development of the whole probabilistic safety analysis process, since models for PSA for external events typically consider a number of potential events that may challenge plant safety such as loss of AC power necessary to operate critical equipment and/or loss of capability to cool the nuclear reactor core. As the characteristics of events that may challenge plant safety are identified, the capacity of the safety systems designed to protect critical functions is evaluated for the conditional probability of failure, thus resulting in an overall measure of the available protection with respect to the likelihood of the intervening event.
112 NEA/CSNI/R(2014)9
Normal distribution (Prob. density) (The horizontal scale is determined by the parametric values)
25
20
15
10
5
0 5,02 5,04 5,06 5,08 5,1 5,12 5,14 5,16
-5
Prob. density Mean value Selected probability
Figure 2 conditional probability of events
Results are based and conditional upon the assumed distributions and the assumptions coming from a “rough” engineering investigation, without resorting to site-specific data bases for statistical inference, retaining the level of generality of the analysis, as formerly underlined.
5. Conclusions
Risk assessment of external hazards is required and utilized as an integrated part of PRA for operating and new reactor units. In the light of the Fukushima accident, of special interest are correlated events, whose modelling is proposed in the present study, in the form of some theoretical concepts, which lay the foundations for the PSA framework implementation. An applicative example is presented for illustrative purposes, since the analysis is carried out on the basis of generic numerical values assigned to an oversimplified model and results are achieved without any baseline comparison. Obviously the first step aimed at the process endorsement is the analysis of all available information in order to determine the level of applicability of the observed specific plant site events to the envisaged model and the statistical correlation analysis for event occurrence data that can be used as part of this process. Despite these drawbacks that actually do not qualify the achieved results, the present work represents an exploratory study aimed at resolving current open issues to be resolved in the PSA, like topics related to
113 NEA/CSNI/R(2014)9
unanticipated scenarios: the combined external hazards of the earthquake and tsunami in Fukushima, external hazards causing internal events, such as seismic induced fire. These topics are to be resolved among the other ones as emerging from the Fukushima accident, in order to endorse and make more effective the risk assessment process.
8 114 NEA/CSNI/R(2014)9
Nuclear Safety and Technology 1 (8) Juho Helander 2013-05-24 Public
External hazard identification, screening and studies for a new plant site
Juho Helander Fennovoima Oy, Helsinki, Finland
Abstract Fennovoima is constructing a new nuclear power plant on a greenfield site in Northern Finland. Various evaluations for site-specific hazards are needed to ensure sufficient plant design basis values, proper design solutions and to provide input for the PRA model.
This paper presents the general process used in identifying the relevant site-specific external hazards. The applicable legislative requirements, guides and standards regarding external hazards and external event PRA shall be identified. Based on these, an initial comprehensive list of events should be compiled.
The initial list shall be filtered to exclude irrelevant events. Events can be screened out if the probability is very low or if the consequences are only mild. Events with similar consequences should be combined. Events can be grouped in several ways, and in this paper the risks are categorized into events related to air, water bodies, ground and human behaviour. In addition, the simultaneously occurring combinations of events should be identified.
The paper also summarizes some hazard studies already performed and required in the future in Fennovoima's project. A comprehensive study is ongoing related to earthquake risks. The study aims at identifying all relevant seismic sources and taking into account various expert opinions in seismic modelling. Also frazil ice and anchor ice studies are being performed to eliminate the risk of cooling water intake blockage due to ice. In addition, some other study areas are mentioned.
Contents 1 INTRODUCTION ...... 2 2 GUIDES AND STANDARDS ...... 2 2.1 Finnish YVL guides ...... 2 2.2 International guides and standards ...... 2 3 EVENT IDENTIFICATION AND SCREENING ...... 3 3.1 The process description ...... 3 3.2 Event screening ...... 4 3.3 Event combinations ...... 5 4 EVENT STUDIES ...... 6 4.1 Studies in different project phases ...... 6 4.2 Earthquake studies ...... 7 4.3 Frazil ice studies ...... 8 4.4 Other studies ...... 8 5 SUMMARY AND CONCLUSIONS ...... 8
Fennovoima Oy | fennovoima.fi | +358 20 757 9200 | Salmisaarenaukio 1, FI-00180 Helsinki, Finland | Business ID 2125678-5
115 NEA/CSNI/R(2014)9 2 (8)
2013-05-24 Nuclear Safety and Technology Public Juho Helander
1 INTRODUCTION
Fennovoima is planning to construct a nuclear power plant (FH-1) in a greenfield site in Pyhäjoki, Hanhikivi in Northern Finland. The positive political decision (Decision-in-Principle) related to the plant project was received in 2010, and the site was selected in 2012. The next step in the project is the submittal of the construction license application to the Ministry of Employment and Economy (MEE) by June 2015. Together with the application, also the design- phase PRA shall be submitted to the Finnish Radiation and Nuclear Safety Authority (STUK).
Fennovoima's plant options include Toshiba's EU-ABWR (1600 MW electric output) and Rosatom's AES-2006 (1200 MW). Direct negotiations are ongoing with both plant suppliers and the selection will be made during the year 2013.
This paper discusses the process used in creating a list of relevant events requiring further studies. The aim is to identify the hazards to be modelled as initiating events in the PRA model.
In Section 2, some applicable guides and standards are presented. Section 3 presents the process for identifying and screening events. Section 4 discusses some specific studies related to the Hanhikivi site, specifically related to earthquakes and frazil ice. Section 5 presents a summary and conclusions.
2 GUIDES AND STANDARDS
2.1 Finnish YVL guides
External hazards have been discussed in the Finnish regulatory guides (YVL guides). Guide A.2 (site selection) mentions some events that shall be taken into account in site selection. Guide A.7 (PRA) requires that also relevant external events shall be included in the PRA model. However, the guide does not explicitly mention the events to be included. Guide B.7 (internal an external threats) gives quite a comprehensive list on external events to be considered in the plant design. It also states that the adequacy of the design basis values related to earthquakes and other external events shall be demonstrated by using PRA.
The YVL guides also state that when possible, a hazard curve shall be evaluated. This requires that the event strength can be measured by using a scale, and that there is a measured time series available. Occurrence times longer than the observation period can be evaluated by fitting an extreme distribution and using extrapolation. The hazard curve uncertainties shall be assessed by evaluating hazard curves also for locations surrounding the site.
The anticipated changes in event occurrences and strengths due to climate change shall be assessed and taken into account. For example, the climate change causes the mean sea water level to rise, but on the other hand, land upheaval causes the mean level to lower.
Also the dependencies between different events shall be considered.
2.2 International guides and standards
There are several guides and standards related to external event PRA and external events in general: NRC. NUREG/CR-230. PRA procedures guide.
116 NEA/CSNI/R(2014)9
Nuclear Safety and Technology 3 (8) Juho Helander 2013-05-24 Public
IAEA. NS-G-1.5. External events excluding earthquakes in the design of nuclear power plants. IAEA. NS-R-3. Site evaluation for nuclear installations. IAEA. NS-G-3.1. External human induced events in site evaluation for nuclear power plants. IAEA. SSG-3. Development and application of level 1 probabilistic safety assessment for nuclear power plants. IAEA. SSG-18. Meteorological and hydrological hazards in site evaluation for nuclear installations. IAEA. SSG-21. Volcanic hazards in site evaluation for nuclear installations. ASME. ASME/ANS RA-S-2008. Standard for level 1 / large early release frequency probabilistic risk assessment for nuclear power plant applications. NEA. NEA/CSNI/R(2009)4. Probabilistic safety analysis (PSA) of other external events than earthquake. SKI. SKI report 02:27. Guidance for external events analysis.
There are also standards related specifically to seismic hazards: IAEA Safety guide. NS-G-1.6. Seismic design and qualification for nuclear power plants. IAEA Safety guide. NS-G-2.13. Evaluation of seismic safety for existing nuclear installations. IAEA Specific safety guide. SSG-9. Seismic hazards in site evaluation for nuclear installations.
3 EVENT IDENTIFICATION AND SCREENING
3.1 The process description
The process used in identifying the relevant external events to be modelled in the PRA is presented in Figure 1.
Figure 1. The process for identifying the relevant events to be modelled in the PRA.
117 NEA/CSNI/R(2014)9 4 (8)
Nuclear Safety and Technology 2013-05-24 Juho Helander Public
The initial event identification should create as comprehensive a list as possible, because also very rare events with serious consequences can have a significant contribution on the total risk of a nuclear power plant.
Events with a low probability should be screened out. A general screening frequency used in many PRA models is 1·10-8 /a. These events have only a very small contribution to the total plant risk regardless of the event consequences.
Events that can only cause small consequences or only have a low potential should be screened out. For some events, the maximum potential can be determined quite accurately. The events included in the PRA model shall exceed the design basis of the plant or a part of the plant or the design basis of the national grid, and they shall lead to significant consequences resulting in reactor scram and plant shutdown.
Certain events require specific conditions or site characteristics (e.g. landslides require steep slopes). Events that cannot occur on the site should be excluded.
Certain events are included in another event. For example, the initiating event related to high sea water level includes all different factors affecting the sea level (wind, seiche, tide, etc.).
After screening out the irrelevant events, the remaining events should be analysed more carefully. These analyses probably lead to screening out of additional events. The remaining initiating events will be considered as external initiating events in the PRA model.
3.2 Event screening
The initial comprehensive list of possible events to be considered when designing and constructing a nuclear power plant is presented in Table 1. This list is applicable to any site in any part of the world.
Table 1. Initial comprehensive list of site-specific events.
118 NEA/CSNI/R(2014)9
Nuclear Safety and Technology 5 (8) Juho Helander 2013-05-24 Public
The initial list of events can be screened by using the screening criteria presented in Figure 1. Some events can be excluded by more than one criterion.
Events that are generally known to have a very low probability near the Hanhikivi site include e.g.: meteorites, surface faulting, tunnel collapses, tsunami, airplane crash, falling satellites or rockets and ship collision.
Events that cannot cause significant consequences include e.g: air pressure, any animals, drought, fog, frost, hail, ground fires, ground frost, ground water level changes, fish and other sea life, sediment transfer and transportation accidents.
Events that are irrelevant to the Hanhikivi site include e.g.: dust and sand storms, avalanches, land slides, volcanoes, dam failures, dangerous substance leaks and explosions and industrial accidents.
Some events are included in other events. For example, the effects of seiche and waves are included in the high sea water level event. The final list of events requiring further analyses is presented in Table 2. These events require further studies to determine the relevant events to be modelled in the PRA. More detailed studies probably lead to screening out of additional events.
Table 2. Screened list of events requiring further studies.
3.3 Event combinations
In addition to single events, combined events occurring simultaneously shall be identified. The identification of combined events should be concentrated on events that are dependent of each other and cause together more serious consequences than a single event.
Most of the events can be assumed independent of each other (e.g. earthquake and strong wind or algae and lightning). In this case, the probability of extreme events occurring simultaneously is extremely small and can be screened out from the PRA model.
An important aspect in identifying the event combinations is the evaluation of event probabilities during different times of the year. The monthly frequencies of different events should be assessed.
The relevant combinations of initiating events shall be systematically identified after the single events have been identified and their frequencies assessed. Strong wind is a relevant event
119 NEA/CSNI/R(2014)9 6 (8)
2013-05-24 Nuclear Safety and Technology Public Juho Helander
because a storm resulting in loss of offsite power is a relatively general event and it could occur simultaneously with many other events (snow storm, algae, frazil ice, high sea water level).
4 EVENT STUDIES
4.1 Studies in different project phases
External hazard studies have been started at an early phase in Fennovoima's plant project. The figure 2 illustrates some important milestones during which hazard studies are required. In the beginning, quite general evaluations are performed, but later the level of detail should increase.
Figure 2. Important phases in a nuclear power plant project requiring external hazard studies.
Already for the Decision-in-Principle application (related to the political decision), a general description of relevant events is required to assure that the selected sites are suitable.
In 2010, Fennovoima still had two different site options (Pyhäjoki and Simo). Design basis values were determined for both sites based on studies related to meteorological events, earthquakes and sea water level. Also in site selection, the different external events were taken into account.
In accordance with the construction license application, the design-phase PRA and preliminary safety analysis report (PSAR) shall be compiled. Frequencies for very rare events need to be developed to select the events to be modelled in the PRA and to determine the initiating event frequencies. Information is also needed to compile the PSAR chapter related to plant site. This chapter should give general descriptions on the site conditions, the risks related to different site- specific events and the provisions taken to mitigate any harmful effects.
Together with the operating license application, the final PRA and the final safety analysis report (FSAR) need to be submitted. In the design-phase PRA, some preliminary estimates might be used, and more detailed evaluations might be required for the final PRA. The same applies to PSAR and FSAR.
120 NEA/CSNI/R(2014)9
Nuclear Safety and Technology 7 (8) Juho Helander 2013-05-24 Public
4.2 Earthquake studies
Preliminary earthquake evaluations have been performed for the Hanhikivi site in 2008-2012 to determine the design basis earthquake and seismic design basis value for plant systems, structures and components.
In 2013-2015, a new project is ongoing to reduce the uncertainties of the results obtained in the earlier studies. The project is illustrated in Figure 3.
Figure 3. Description of Fennovoima's seismic study in 2013-2015.
The study employs experts from Finnish and Swedish universities, research organisations and consultants. There is also a separate review group that is not involved in the actual work. The project is divided into consecutive phases. The results and reports of each phase are always reviewed before moving on to the next phase.
The first group studies the seismotectonics and geology of the region. Seismic databases from Finland and Sweden are compiled and harmonised, possible seismic source zones are identified and various seismotectonic models are proposed.
The second group characterizes the seismic source zones by providing the seismic parameters (Gutenberg-Richter equation parameters and maximum magnitudes). Also the suitable GMPE's describing the ground motion attenuation are provided.
In the hazard calculations, a logic tree is used to take into account all relevant opinions by using branches. The branches are weighted according to their estimated probabilities. The logic tree is constructed by the project manager based on the suggestions of groups 1 and 2.
Finally, group 3 calculates the results and conducts some sensitivity analyses. The results are reported according to the ANSI/ANS-2.29-2008 standard, including:
Mean and fractile hazard curves Uniform hazard response spectra and design earthquake response spectrum
121 NEA/CSNI/R(2014)9 8 (8)
2013-05-24 Nuclear Safety and Technology Public Juho Helander
Magnitude-distance deaggregation and seismic source deaggregation Mean magnitude and distance
4.3 Frazil ice studies
The risk related to frazil ice is the possible clogging of the cooling water intake due to large amounts of ice. Actually, two different phenomena can be distinguished: frazil ice and anchor ice.
Frazil ice is formed when water is cooled to the extent that it gets supercooled and ice crystals start to form and grow. Anchor ice, on the other hand, grows on the surfaces of objects in the water.
The main target of the frazil ice studies is the determination of proper design solutions that minimize the intake clogging probability. These include at least recirculation of warmed cooling water, electric heating of the trash screen, proper trash screen dimensions (mesh size and bar diameters) and intake depth. Additionally, the frazil ice or anchor ice occurrence probabilities are estimated, if possible.
The frazil ice studies concentrate on the blocking mechanisms, specification of favourable circumstances for frazil ice occurrence, physical modelling and possibility of frazil ice occurrence at Hanhikivi.
4.4 Other studies
Some other examples of site-specific hazard studies performed for the Hanhikivi site include: Meteorological events: Air temperature, wind, humidity, precipitation, snow load. Meteorological events are also studied in the Finnish nuclear research project SAFIR (Extreme Weather subproject) Sea water level and sea ice effects Probability of an accidental airplane crash Processing, storage and transportation of dangerous substances
5 SUMMARY AND CONCLUSIONS
This paper presented a list of Finnish and international guides and standards useful in evaluating external hazards. Also a methodology was presented to identify and screen site-specific hazards in a new nuclear power plant project. The screened list of relevant events for the Hanhikivi site requiring further studies was presented.
Also the studies needed in different phases of a new nuclear power plant project were discussed. Some specific studies regarding earthquakes and frazil ice were described in detail.
Studying the potential related to different site-specific external hazards is important because they might have a significant risk contribution. This impression is supported, for example, by the events in Fukushima. The plant has to be designed by taking properly into account local and regional conditions. The risk significance of each event should be specified so that most attention can be paid for the most relevant events.
122 NEA/CSNI/R(2014)9
SEISMIC HAZARD ASSESSMENT FOR NPPS IN CZECH REPUBLIC
Katerina DEMJANCUKOVA, UJV Rez, a.s. Ladislav PECINKA, UJV Rez, a.s.
ABSTRACT
Czech Republic is a country with very low seismicity. For the two operated NPPs, the IAEA Safety Guide 50-SG-S1 was applied and the level of peak ground acceleration of 0.1g has been defined. For the new two units planned to be operated in Temelin site, the IAEA Safety Guide SSG-9 has been used for seismic hazard assessment.
KEY WORDS: Seismic hazard, IAEA Safety Guides, peak ground acceleration, Newmark ground response spectra, regional investigations, near regional investigations, site vicinity investigations, site area investigations
1. HISTORY
Czech Republic is a country with very low seismicity. For the two operated NPPs, the IAEA Safety Guide 50-SG-S1 (Rev.1) “Earthquakes and associated topics in relation to nuclear power plant siting” [1] was applied and the level of peak ground acceleration of 0.1 has been defined. The recommendations of IAEA Safety Guide NS-G-3.3 “Evaluation of Seismic Hazards for Nuclear Power Plants” [2] have been taken into consideration. For the NPP Temelin site the following accelerograms have been selected for further analysis
- San Severo, Italy, 23. 11. 1980,
- USA, Western Part, 04. 09. 1955,
- USA, Western Part, 22. 03. 1957,
- USA, Western Part, 22. 09. 1957.
All these accelerograms have been linearly modified to correspond to the peak ground acceleration value of 0.1g in horizontal and vertical directions. The calculated ground response spectra have been enveloped and compared with Newmark ground response spectra according to the methodology presented in NUREG/CR 0098.
For the NPP Dukovany, similar approach has been used and finally the Newmark ground response spectrum has been selected for seismic upgrading.
2. INVESTIGATIONS ACCORDING IAEA SAFETY GUIDE SSG-9
For the new two units planned to be operated on Temelin site, the IAEA Safety Guide SSG-9 “Seismic Hazards in Site Evaluation for Nuclear Installations” [3] will be used. This Guide also addresses what is needed for probabilistic safety assessment conducted for nuclear installations. The key elements of this approach are as follows
123 NEA/CSNI/R(2014)9
- geological, geophysical and geotechnical database,
- construction of regional seismotectonic model,
- evaluation of the ground motion hazard,
- probabilistic seismic hazard analysis.
3. GEOLOGICAL, GEOPHYSICAL AND GEOTECHNICAL DATABASE
Regional investigations: the size of the relevant region may vary, depending on the geological and tectonic setting, and its shape maybe asymmetric in order to include distant significant seismic sources of earthquakes. Its radial extent is typically 300 km. The data are typically presented at a scale of 1:500 000 or larger, and with appropriate cross-sections.
Near regional investigations: the objectives of these studies are to
- define the seismotectonic characteristics of the near region on the basis of a more detailed database than that obtained from the regional study,
- determine the latest movements of faults,
- determine the amount and nature of displacements, rates of activity and evidence related to the segmentation of faults.
The data are typically presented at scale of 1:50 000 and with appropriate cross-sections.
Site vicinity investigations: site vicinity studies should cover a geographical area typically not less than 5 km in radius. Investigations should include geomorphological and geological mapping, geophysical investigations and profiling, boreholes and trenching. As a minimum, the following data sets should be provided
- a geological map with cross-sections,
- age, type, amount and rate of displacement of all the faults in the area,
- identification and characterization of locations potentially exhibiting hazards induced by natural phenomena and by human activities.
Typically, the data are presented in maps at a scale of 1:5000 and with appropriate cross-sections.
Site area investigations: the following investigations of the site area should be performed by using field and laboratory techniques
- geological and geotechnical investigations to define the stratigraphy and the structure of the area,
- hydrogeological investigations using boreholes and other techniques,
- supplemental investigations of site effects. The dynamic behaviour of the site should be assessed, using available macroseismic and instrumental information as guidance.
The data are typically presented on maps at a scale of 1:500 and with appropriate cross-sections.
124 NEA/CSNI/R(2014)9
4. CONSTRUCTION OF REGIONAL SEISMOTECTONIC MODEL
The link between the geological, geotechnical and seismological databases and the calculation of the seismic hazard is a regional seismotectonic model, which should be based on a coherent merging of the databases. Any seismotectonic model should consist, to a greater or lesser extent of two types of seismic sources
- the seismogenic structures that can be identified by using the available database,
- diffuse seismicity that is not attributable to specific structures identified by using the available database.
The identification of seismogenic structures should be made from the geological, geophysical, geotechnical and seismological databases. For seismogenic structures that have been identified as being pertinent to determining the exposure of the site to earthquake hazards, their associated characteristics should be determined.
In the performance of a seismic hazard evaluation, knowledge about the depth distribution of the diffuse seismicity should be incorporated. Estimates of the maximum depth of earthquakes can be made on the basis of the recognized fact that earthquakes originate within or above the brittle to ductile transition zone of the Earth’s crust.
5. EVALUATION OF THE GROUND MOTION HAZARD
The ground motion hazard should preferably be evaluated by using both probabilistic and deterministic methods of seismic hazard analysis. When both deterministic and probabilistic results are obtained, deterministic assessments can be used as a check against probabilistic assessments in terms of the reasonableness of the results, particularly when small annual frequencies of exceedance are considered.
The ground motion as a function of all relevant parameters should be expressed in the form
GM = g(m,r,ci ) + εgm + εc, (1)
where
GM is the median estimate of the ground motion parameter and ground motion component of interest (usually expressed as a logarithm), g(...) is a mathematical function, m is the earthquake magnitude, r is the seismic source to site distance, ci are other relevant parameters, εgm is the aleatory uncertainty, εc is the component to component variability.
The calculated ground motion may express the maximum ground motion or a random component, depending on the project needs. The parameter εc is used when the component to component variability needs to be represented.
125 NEA/CSNI/R(2014)9
6. PROBABILISTIC SEISMIC HAZARD ANALYSIS
The conduct of a probabilistic seismic hazard analysis should include the following steps
- evaluation of the seismotectonic model for the site region in terms of the defined seismic sources, including uncertainty in their boundaries and dimensions,
- for each seismic source, evaluation of the maximum potential magnitude, the rate of earthquake occurrence and the type of magnitude–frequency relationship, together with the uncertainty associated with each evaluation,
- selection of the attenuation relationships for the site region, and assessment of the uncertainty in both the mean and the variability of the ground motion as a function of earthquake magnitude and seismic source to site distance,
- performance of the hazard calculation,
- taking account of the site response.
The expected frequency, per unit time period per seismic area, of earthquakes of a magnitude equal to or greater than mmin of the seismic source i; this may be represented by a Poisson process or a renewal process. The parameters needed for this evaluation are as follows
S is the number of seismic sources, mmin, mmax are the minimum and maximum potential magnitudes of the seismic source i, dmin, dmax are the minimum and maximum earthquake rupture dimensions of the seismic source i, rmin, rmax are the minimum and maximum distances from the seismic source i to the site.
CONCLUSIONS
Czech Republic is a country with a very low seismicity. For the evaluation of seismic hazard of two operated NPPs with VVER type reactors the IAEA Safety Gide 50-SG-S1 “Earthquakes and associated topics in relation to nuclear power plant siting” and the peak ground acceleration value has been established 0.1g.
After Fukushima event the higher level of seismic safety of nuclear power plants is required. The IAEA Safety Guide SSG-9 represents collective knowledge gained from recent significant earthquakes and new approaches in methods of analysis, particularly in the areas of probabilistic seismic hazard analysis and strong motion simulation. From this reason this safety guide will be applied to new two units planed to be built in Temelin site.
REFERENCES
[1] IAEA. Safety Guide 50-SG-S1 (Rev.1). Earthquakes and associated topics in relation to nuclear power plant siting. IAEA, Vienna, 1991.
[2] IAEA. Safety Guide NS-G-3.3. Evaluation of Seismic Hazards for Nuclear Power Plants. IAEA, Vienna, 2002.
[3] IAEA. Specific Safety Guide SSG-9. Seismic Hazards in Site Evaluation for Nuclear Installations. IAEA, Vienna, 2010.
126 NEA/CSNI/R(2014)9
PROBABILISTIC ANALYSIS OF EXTERNAL EVENTS WITH FOCUS ON THE FUKUSHIMA EVENT
a a a Heiko Kollasko , Dr. Mariana Jockenhövel-Barttfeld , Dr. Ulrich Klapp aAREVA NP GmbH, Erlangen, Germany
Abstract:
External hazards are those natural or man-made hazards to a site and facilities that are originated externally to both the site and its processes, i.e. the dutyholder may have very little or no control over the hazard. External hazards can have the potential of causing initiating events at the plant, typically transients like e.g., loss of offsite power. Simultaneously, external events may affect safety systems required to control the initiating event and, where applicable, also back-up systems implemented for risk-reduction.
The plant safety may especially be threatened when loads from external hazards exceed the load assumptions considered in the design of safety-related systems, structures and components.
Another potential threat is given by hazards inducing initiating events not considered in the safety demonstration otherwise. An example is loss of offsite power combined with prolonged plant isolation. Offsite support, e.g., delivery of diesel fuel oil, usually credited in the deterministic safety analysis may not be possible in this case. As the Fukushima events have shown, the biggest threat is likely given by hazards inducing both effects. Such hazards may well be dominant risk contributors even if their return period is very high.
In order to identify relevant external hazards for a certain Nuclear Power Plant (NPP) location, a site specific screening analysis is performed, both for single events and for combinations of external events. As a result of the screening analysis, risk significant and therefore relevant (screened-in) single external events and combinations of them are identified for a site. The screened-in events are further considered in a detailed event tree analysis in the frame of the Probabilistic Safety Analysis (PSA) to calculate the core damage/large release frequency resulting from each relevant external event or from each relevant combination.
Screening analyses of external events performed at AREVA are based on the approach provided by the SKI guidance 2:27 and have been performed as part of the PSA for new plant designs and for installed based projects.
Following the Fukushima event from March 2011, the methodology for screening external events has been reviewed at AREVA with respect to its applicability, limitations and to the identification of enhancement areas.
127 NEA/CSNI/R(2014)9
This paper presents the screening analysis methodology to identify relevant external events and external event combinations. In line with the WENRA Position paper, this approach provides valuable input information for the identification of single external events and their combinations to create Fukushima-like rare and severe external hazards which may need to be addressed additionally to the general design basis as design extension hazards by realistic analyses rather than conservative. The analysis is based on a systematic identification of relevant external event combinations which includes earthquake-induced external events and takes into account a deterministic justification of the design basis for external events including beyond design external events.
Lessons learnt from the Fukushima accident have been identified and evaluated in order to be considered for reinforcement in the identification, screening and in the detailed probabilistic analysis of external events.
Keywords: External Hazards; Screening Analysis, Design Extension Hazards; Probabilistic safety Analysis
1. Introduction
The accident at the Fukushima Daiichi nuclear power plant on 11-th of March 2011 was caused by a violent earthquake followed by a major tsunami that has stricken the site and resulted in severe damages. The sequence of events which followed to a critical situation on 3 reactors (units 1 to 3) and in the spent fuel pool of unit 4, and finally to massive radioactivity releases to the environment. This major event has been classified by the Japanese Safety Authority at the maximum level on the INES scale (level 7).
The Fukushima event has shown the safety relevance of rare events, exceeding the design base of a NPP. The plant safety may especially be threatened when loads from external hazards exceed the load assumptions considered in the design of safety-related systems, structures and components.
Despite the fact that external hazards have been analyzed in the scope of deterministic and probabilistic analyses to define the design bases of the plant and to identify relevant external hazards as beyond design accidents, following the Fukushima event the methodology applied for the analysis of external events in the PSA has been reviewed at AREVA with respect to its applicability and limitations.
This paper outlines the main findings of this review and presents the screening analysis methodology to identify relevant external events and external event combinations. In line with the WENRA Position Paper [3], this approach provides valuable input information for the identification of single external events and their combinations to create Fukushima-like rare and severe external hazards which may need to be addressed additional to the general design basis as design extension hazards by realistic rather than conservative analyses.
The analysis is based on a systematic identification of relevant external event combinations which includes earthquake-induced external events and takes into account deterministic justification of the design basis for external events including beyond design external events.
Lessons learnt from the Fukushima accident have been identified and evaluated in order to be considered for reinforcement in the identification, screening and the detailed probabilistic analysis of external events.
128 NEA/CSNI/R(2014)9
2. Consideration of External Hazards for Deterministic and Probabilistic Analyses
The Fukushima event has shown that the following specific external hazards considerations are appropriated:
- A design basis load case to be considered in the design of Systems, Structures and Components (SSCs) (e.g., Design Base Earthquake and Design Base Flooding) and
- A design extension load case (“Design Extension Hazard“, DEH) for which it shall be shown under best-estimate assumptions that fuel melt can be prevented or that the radiological consequences of fuel melt can be controlled by a proper containment function.
As the definition of a DEH may raise a need for design changes it is necessary to identify hazards to which this approach might be applicable at an early design stage. An example of such a design extension hazard is given by the consideration of a crash of large commercial air plane on the plant.
In order to identify relevant external hazards for a certain NPP location, a site specific screening analysis is performed, both for single and for combinations of external events.
The screening analysis identifies relevant single and combined external hazards, which are natural or man- made events which originate externally to the site and its processes and which have the potential of causing initiating events at the plant, typically transients (e.g., loss of offsite power). Simultaneously, external hazards may affect safety systems required to control the initiating event and, where applicable, also back- up systems implemented for risk-reduction. The screening analysis of external events is performed to
Identify external hazards for which a Design Extension Approach might be applicable and
Identify the relevant external hazards for the detailed probabilistic analysis.
Screening analyses of external events performed at AREVA are based on the approach provided by the SKI guidance 2:27 [1]and have been performed as part of the PSA for new plant designs and for installed based projects.
As a result of the screening analysis, risk significant and therefore relevant (screened-in) single external events and combinations of them are identified for a site. The screened-in events are further considered as events to which a Design Extension Approach might be applicable. A detailed event tree analysis is performed for each screened-in external event in the frame of the PSA in order to calculate the core damage frequency (CDF) / large early release frequency (LERF) resulting from each relevant external event or from each relevant combination.
An overview of the screening process for external event based on the approach of the external events PSA is presented in Figure 1.
129 NEA/CSNI/R(2014)9
Figure 1: Overview of the Screening Process for external hazards
INITIAL DATA Collecting site/plant COLLECTION relevant information and data on external hazards
IDENTIFICATION OF Exhaustive list of external EXTERNAL HAZARDS events (air, ground, water)
List of plant/site relevant HAZARD SCREENING external events (single and ANALYSIS combined events)
Further detailed analysis on
DEH and/or PSA modelling DETAILED HAZARD of screened-in hazards ANALYSIS
As a first step collection of relevant site information and data on external hazards for the site is performed in order to
Identify external hazards potentially relevant to the plant and to the site and
Provide the necessary input information to perform the screening analysis of external events.
External hazards may in particular have one or more of the following effects to be considered in the safety demonstration (Table 2.2. in SKI guide [1]):
Impact type Description
Structure / Pressure The external event affects safety-related structures and may disable the safety functions contained. Structure / Missile
HVAC (Heating, Ventilation, The external event affects HVAC functions and may cause Air Conditioning) partial or total loss of safety systems relying on heating or cooling.
Alternatively, the event may affect the plant through the
130 NEA/CSNI/R(2014)9
Impact type Description
ventilation system, e.g., corrosive gases.
Ultimate heat sink The external event affects the ultimate heat sink and by this the capability of the residual heat removal from the core via secondary or primary cooling.
Power supply The external event affects the plant grid connections and may cause loss of offsite power.
External flooding The external event causes flooding of buildings or structures and may disable the safety functions contained.
External fire The external event causes fire in buildings or structures and may disable the safety functions contained.
Electric The external event affects safety functions by creating electrical or magnetic fields.
Other direct impact In a few cases, the event may work in a way that is not covered by the general categories. Examples are plant isolation or toxic impact on personnel.
Based on the initial data collection, potential external events to be considered in the screening analysis are identified in order to create an exhaustive list of external hazards.
Grouping the various types of external events is useful for structuring the information presented and for performing a tentative completeness check of the identified events. Based on SKI guide [1] and Annex 1 of IAEA SSG-3 [2] a generic event grouping into natural and man-made external events, cross grouped via air, water and ground based external events is considered. Applying the generic event grouping relevant external events are derived and documented in an exhaustive list of events that constitute as a basis of the external events screening analysis.
3. Screening Analysis of External Events
The screening analysis of external events is performed, in order to limit the number of events to be analyzed to those events which have the potential of a relevant impact to the plant and to the site.
The methodology applied in the screening analysis, which is based on [1], involves the following steps for screening single and combined external events:
Relevancy screening (site relevant external events)
The relevancy screening is based on general information about the strength of the potential external event and its relevancy at the site.
The purpose of the task is to screen out those potential external events, either single or combined, which are not relevant to the site, which means that they cannot occur at the site or in its relevant surroundings or that their maximum possible strength at the site is evidently too low.
131 NEA/CSNI/R(2014)9
The task will result in a list of potential site relevant external events.
The following screening criteria are used (see ref. [1] chapter 5):
Distance The potential event cannot occur close enough to the plant to affect it vulnerably.
Examples of use: Volcanic phenomena could be screened out by the distance from areas where volcanic activities have taken place (if applicable to the site).
Inclusion The potential event is included into another event which is more representative to the site
Example of use: Continuous land rise takes place e.g on the coast of Botnia. This event is slow and may be included in the event low sea water level.
Applicability The potential event is not applicable to the site
Example of use: Events like Low Temperatures, Extreme snow, White frost are not applicable for tropic site locations.
Impact screening (plant relevant external events)
The purpose of the task is to screen out those potential external events, either single or combined, which would not have a considerable effect on the plant structures, cooling, electrical transmission or plant operation, even if maximum impact strength is assumed.. As a result of this task a list of plant relevant external events having the potential to degrade one or more plant safety functions is derived.
132 NEA/CSNI/R(2014)9
The following plant related screening criteria are used for the impact screening (see ref. [1] chapter 5):
Severity The effects of the event are not severe enough to damage the plant, since it has been designed for other loads with similar or higher strength.
Example of use: Extreme air pressure can be screened out using this criterion as normal or abnormal events within this category will not affect the plant.
Warning There is time to shut down the plant or to implement pre-planned measures which would render the event irrelevant. In the first case the functional analysis of event consequences can be restricted to the cold shutdown state. „The assessment of what is a sufficient warning time requires a plant specific approach, and is mainly dependent on the time required for safe shutdown of the plant. However, it also depends on existing procedures, emergency plans, etc. and must be evaluated on a case- by-case analysis.“[1] Example of use: Flooding at river sites will often occur with enough pre-warning time to perform pre-planned actions to protect the plant by installation of flooding protection means and preventive plant shutdown. (exception might be flooding caused by dam failure)
Screening criteria for the identification of design extension load cases (“Design Extension Hazard“, DEH) may differ from PSA screening criteria when a more conservative approach is required in applicable regulations. Examples for deterministic screening criteria may include:
Exclude any hazards against which are physically not possible for a site (e.g. avalanche),
Exclude any hazard whose impact is covered by accident conditions already considered in the plant design (e.g., water-based hazards which would at most lead to a blockage of the service water inlet screens when a scenario “Loss of Ultimate Heat Sink” is already postulated in the safety analysis.
Exclude any hazard whose impact is already covered by another screened-in external hazard (e.g., direct impact from heavy transportation within the site may be covered by consideration of air plane crash).
133 NEA/CSNI/R(2014)9
Event definition
The purpose of the task is to acquire detailed site relevant information on the strength and frequency for each potential plant relevant external event using internal and external information sources. [1] The task will result in potential plant relevant external events characterized by
Information on event strength, duration, frequency, etc.
Potential impact on safety systems/components, availability of external support, etc.
. Note: Experience from ongoing project show that these data are not available completely especially in early project phases, consequently EE screening analysis needs to be updated during the project. Even in later project phases it might be necessary to base the analysis on expert judgment
Plant response analysis
The purpose of the plant response analysis is to identify (see [1]):
a) the design basis values or best estimate expert opinions of the tolerability of relevant safety functions to the external hazard respectively the combined external hazards
b) the damage levels for each potential plant relevant external event together with the assisting expertise at plant.
The analysis shall generate the following general information on the plant response to the various external events:
1. First, it must be identified whether or not an event would cause an initiating event in the plant, and which initiating event is most probable to occur (typically a transient or a need for a manual plant shutdown, either immediately or after some time).
2. Secondly, the potential to degrade one or more safety functions needed to cope with the induced initiating event. The kind of impact of the external event on the plant has to be determined. Available protective measures are also to be identified. These measures may especially include structural characteristics, characteristics of active or passive safety features, diversified features not affected by the event and protective or mitigating human interactions as defined in safety analysis and operating procedures.
4. Analysis of the screened-in External Events
Single external hazards and combination of external hazards are analyzed in detail. This will initially require a more detailed analysis with regard to the protection principles and potential impact. Afterwards it can be concluded whether the event is a candidate event to be considered as
A Design Extension Hazard (DEH) for which it shall be shown under best-estimate assumptions that fuel melt can be prevented or that the radiological consequences of fuel melt can at least be controlled
134 NEA/CSNI/R(2014)9
An event for which a detailed event tree analysis is performed in the frame of the PSA.
The most common approach for the detailed analysis of external hazards in the frame of the PSA is to perform an event tree analysis and to calculate the resulting core damage / large release frequency from this event.
Another approach is to assess safety margins in the design against potential impacts from the respective hazard. The most common example is the seismic margin assessment applied to identify margins in the seismic design of structures and components and to demonstrate robustness against loads from beyond design earthquakes. Margin assessments may support both PSA but also deterministic analysis of design extension hazards.
A third approach would be the definition of deterministic load cases and subsequent explicit analysis (mechanical, thermo-hydraulical, etc.) showing that structures and systems can withstand the load case.
In all approaches understanding of associated uncertainties, both epistemic and aleatory is required [3]. A qualitative uncertainty analysis should be performed discussing the potential influence of assumptions considered. In the frame of PSA the qualitative uncertainty analysis may be complemented by a quantitative uncertainty analysis of the resulting core damage frequency / large release frequency.
Design changes or improvement might be necessary, if
The robustness of the design cannot be demonstrated,
The probabilistic target values for the core damage frequency / large release frequency are exceeded,
The contribution of the hazard to the core damage frequency / large release frequency results in an unbalanced design.
5. Conclusions and Lessons Learned from the Fukushima Accident
The external event screening analysis is described as a method to evaluate the design against external hazards and especially beyond design external hazards. As a result of the screening analysis those external events are identified which need to be analyzed in detail as a Design Extension Hazard (DEH) respectively in the probabilistic safety analysis (PSA) or by margin assessments to demonstrate robustness of the design.
Effects from single and combined external events need to be analyzed. Specifically in light of the Fukushima accident the focus is on the identification of relevant combinations of external hazards for which the effect of the combination is more severe respectively has relevant additional effects compared to the single event.
Some guidelines (see e.g. [1] and [4]) do not allow a screening of certain hazards, especially earthquake, as these hazards are applicable to nearly all sites and specific regulations apply. In consequence these hazards are omitted during data collection and screening. For the identification of potential relevant event combinations this may establish drawbacks as vital information may not be available. It is therefore important to include the full spectrum of hazards in the process.
135 NEA/CSNI/R(2014)9
Correlation mechanisms with the potential to induce hazards to the plant and effects on safety functions to control any transient induced by the combined hazards need to be investigated in more detail. Especially if the screening is based on a low frequency of the event combination, the potential of this combination for inducing a large early release has to be considered in such a way that the frequency criterion takes is based on LERF and not on CDF.
The effects of beyond design external events may aggravate the performance of possible accident management actions to cope with hazard induced unavailability of safety systems. Such actions are:
Actions to fill- up water storages and fuel oil storages for beyond design grace times,
Actions to start back-up systems,
Actions to recover failed / damaged components.
In addition the Fukushima accident has shown that the analysis of beyond design external hazards must take into account severe damages on the plant infrastructure and the public infrastructure for the analysis in such a way that offsite support, e.g. delivery of diesel fuel oil or make-up water usually credited in safety analyses as available may not be possible respectively more difficult to be managed.
The systematic approach of the external event screening method provides a mean to demonstrate the robustness of the plant to effects of design extension hazards in the frame of the plant response analysis respectively the detailed analysis of such external hazards and combination of external hazards which have been identified as relevant for the plant in the screening analysis.
Site specific information and data on strength and frequency of beyond design external events is an important basic input to perform an external event screening analysis.
This input is needed as early as possible for new build projects such that any potential site specific issue to be taken into account for the design of the plant against external events is identified in the early phase of the project.
Experiences from ongoing projects have shown that it is not always possible to receive this information in adequate level of detail. As a consequence of this, the external hazard screening often involves engineering judgments. Caution has to be paid that the assumptions applied are properly documented to allow a later check, e.g., in the frame of periodic safety reviews.
References
[1] SKI-Report 02:27; Febuary 2003 M Knochenhauer / P. Louko; “Guidance for External Event Analysis”
[2] IAEA SSG 3 Development and Application of Level 1 PSA for Nuclear Power Plants
[3] WENRA Booklet: Safety of new NPP designs, draft 9 Position 6 External Hazards, RHWG, October 2012
[4] Probabilistische Sicherheitsanalyse (PSA): Qualität und Umfang; Richtlinie für die schweizerischen Kernanalagen; ENSI-A05/d; Januar 2009
136 NEA/CSNI/R(2014)9
SESSION 2
SPECIFIC FEATURES OF ANALYSIS AND MODELING OF PARTICULAR NATURAL EXTERNAL HAZARDS
Chair: Jeanne-Marie Lanore
J. Holý, M.Hladky, O.Mlady, L.Kolar, M.Jaros ESTIMATION OF FREQUENCY OF RARE NATURAL EXTERNAL EVENTS OF VERY HIGH INTENSITY ON THE BASE OF (NON)AVAILABLE DATA
L. Tunturivuori EXTERNAL HAZARDS IN THE PRA OF OLKILUOTO 1 AND 2 NPP UNITS - ACCIDENTAL OIL SPILLS
In-Kil Choi, D. Hahm, M. Kyu Kim CURENT STATUS AND ISSUES OF EXTERNAL EVENT PSA FOR EXTREME NATURAL HAZARDS AFTER FUKUSHIMA ACCIDENT
J. L. Brinkman REALISTIC MODELLING OF EXTERNAL FLOODING SCENARIOS A MULTI-DISCIPLINARY APPROACH
137 NEA/CSNI/R(2014)9
138 NEA/CSNI/R(2014)9
ESTIMATION OF FREQUENCY OF OCCURRENCE OF EXTREME NATURAL EXTERNAL EVENTS OF VERY HIGH INTENSITY ON THE BASE OF (NON)AVAILABLE DATA.
) ) ) ) ) Holý J.* , Hladky M.** , Mlady O.*** , Kolar L.* , Jaros M.* *) ÚJV Řež, a. s., Hlavni 130, 250 68, Husinec-Rez, Czech Republic **) NPP Dukovany, ***) NPP Temelin
Abstract
The relatively frequent natural external events are usually of minor safety importance, because the NPPs are, with a significant safety margin, constructed and operated to withstand the effects of them. Thus, risk analysis is typically devoted to the natural events of exceptional intensity, which mostly have not occurred up to now, but which still could happen with some low probability, but critical consequences. Since “direct” plant specific data providing evidence about such events to occur is not at disposal, special data treatment and extrapolation methods have to be employed for frequency estimation.
The paper summarizes possible approach to estimation of rate event frequency by means of extrapolation from available data and points out the potential problems and challenges encountered during the analysis. The general framework is commented in the presentation, regarding the effects of choice of probabilistic distribution (Gumbel distribution versus the others), methods of work with data records (To take out some observations and why?) and analysis of quality of input data sets (To mix the data sets from different sources or not? To use “old” observations?)
In the first part of the paper, the approach to creation of NPP Dukovany deterministic design basis regarding natural external events, which was used in past, is summarized. The second, major part of the paper, is devoted to involvement of the ideas of probabilistic safety assessment into safety assessment of external hazards, including such specific topics as addressing the quality of available data records, discussion on possible violation of common assumptions expected to be valid by the rules of statistical data analysis and the ways how to fix it, the choice of probabilistic distribution modeling data variability etc. The examples of results achieved for NPP Dukovany site in Czech republic are given in the final section.
This paper represents a coordinated effort with participation of experts and staff from engineering support organization UJV Rez, a .s. and both NPPs located in Czech Republic – Dukovany and Temelin.
1. Introduction – NPP Dukovany design basis regarding natural external events
With respect to extreme meteorological events, the original design requirements for NPP Dukovany were developed on the base of the Russian standard PIN AE-5.6 [1], used generally for all safety important structures, including buildings, and applied across technologies with high demands on safe operation. In this standard, the events with return period of 10 000 years (1E-04/year) were considered and conservative safety factors of 2,5 for extreme wind load, and 2,0 for extreme snow load were used, if sufficient data for a given time interval was not at disposal (what is quite typical for such events of extreme magnitude). In other words, the systems and buildings were designed and constructed to withstand the event of a magnitude 2,5 (2,0) times bigger than postulated event with return time period of 10 000 years. For non- safety important structures (buildings), less conservative Czech normative document CSN 73 0035 (Load
139 NEA/CSNI/R(2014)9
on civil constructions) [2] was used. The PGA value of 0,06g was used to define the requirements on plant system and structured design regarding seismic load.
The main problem, which appeared later, during engineering support and evaluation of NPP Dukovany operation in nineties, was that the postulated requirements were not fully met during NPP construction. For that reason, reassessment of the design basis was performed in 2000 as a part of plant safety report revision on the base of following principles:
design basis for safety important structures/buildings was defined at 2 levels: